XP Not Booting After Combofix


  • This topic is locked
17 replies to this topic

#1 lenardb


Posted 20 May 2010 - 04:22 AM

Hello
I've been helping my nephew with his computer. His IE has been unstable & he lost money from a bank account. He lives in the outback and I was remotely connected to his computer.

I got cocky & ran ComboFix. "She'll be right mate"... well no, she ain't right, DOH!
It mentioned rootkit activity & requested a reboot. It never came back. His PC will not boot now. It runs through POST, then sits with a flashing cursor.

Details:
XP Pro SP3, P4 3G, 512Mb, 80Gb HDD.
We had removed CA ISS 2008 about an hour before. I had used CCleaner, JavaRA & rebooted. A quick scan with Malwarebytes had detected 1 dll file (sorry, didn't note the name). I did not see what ComboFix had detected. It had come up asking for the reboot & so he restarted.
We booted from a SP2 disk. When it came to the recovery console, it detects 1. c:\winnt installation, but reboots when you choose 1. I got him to pull the hard drive out and plug it into another PC & run chkdsk. Found no problems & made no difference.

What should I do?

Edited by Pandy, 20 May 2010 - 09:30 PM.
Moved from AII to a more appropriate forum ~Pandy




#2 Farbar

  • Security Developer

Posted 20 May 2010 - 05:27 PM

Hi lenardb,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I probably should not tell you at this difficult moment that ComboFix is a great but powerful tool that should be run under supervision. If we had seen some logs prior to running ComboFix, restoring the system would have been a piece of cake. But we will still restore it if you stay with me.

This is the first thing we want to try before we try anything else:


  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Last Known Good Configuration menu item.
  • Press the Enter key.
  • Log how the computer boots and tell me exactly how far it goes. Describe everything on the screen.



#3 lenardb


Posted 20 May 2010 - 06:48 PM

Morning

F8 will not kick in. It posts with an Nvidia, and then an Intel brand page (when he starts hitting F8) but just flicks straight to the blinking cursor. I can hear him tapping the keyboard.

#4 Farbar

  • Security Developer

Posted 20 May 2010 - 07:05 PM

  1. We need to create an OTL Report
  2. If you have Nero:
    • Open Nero SmartStart.
    • Under Applications tab Select Nero Burning Rom
    • In the left pane CD-ROM (ISO) should be highlighted.
    • At the bottom of the open window click Open.
    • In the open window select desktop, highlight the rc.iso file on the desktop and click Open.
    • Put a blank CD in your computer burner and press Burn.
    • When the disk finishes, eject the CD.

  3. If you don't have Nero:
  4. Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
    • Please be patient as "Windows" loads
    • Your system should now display a REATOGO-X-PE desktop.
      Note: In case you did not get this screen, your computer is not set to boot from CD-ROM and you should change the BIOS setup as described in How to Set BIOS to Boot from CDROM
    • Double click on the OTLPE icon on your desktop.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • On make sure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • For each section there are three options (None, SafeList and All). Change the following settings:
      • Set "Files Created Within" and "Files Modified Within" to "SafeList".
      • Set all the other sections to "All".
    • Copy and Paste the following code into the Custom Scan section. Do not include the word "Code"  

      Please note:  You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemroot%\tasks\*.job
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      disk.sys
      classpnp.sys
      kbdclass.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push the Run Scan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the C:\OTL.txt file in your reply.
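
What the /md5start … /md5stop block in the custom scan above asks for, sketched as an added example (not part of Farbar's post and not OTL's own code): hash every copy of the named storage and keyboard drivers on the offline Windows volume and mark names whose copies disagree. The function names, status labels and the sample tree are assumptions made for this illustration; the sample files are constructed, not real drivers.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Subset of the file names between /md5start and /md5stop in the post above.
TARGETS = ["atapi.sys", "disk.sys", "classpnp.sys", "kbdclass.sys",
           "iaStor.sys", "nvstor.sys"]


def md5_of(path, chunk=1 << 16):
    """MD5 of a file, read in chunks so large files are not held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, targets):
    """Walk the offline volume and hash every file whose name is in targets.

    Matching is case-insensitive, as Windows file names are.
    """
    wanted = {name.lower() for name in targets}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in wanted:
                continue
            full = os.path.join(dirpath, name)
            try:
                entry = {"path": full, "size": os.path.getsize(full),
                         "md5": md5_of(full)}
            except OSError:
                # A driver that cannot be read is worth reporting, not hiding.
                entry = {"path": full, "size": None, "md5": None}
            copies[name.lower()].append(entry)
    return copies


def report(root, targets):
    """Return {name: {"status": ..., "copies": [...]}} for each target name.

    missing    - no copy on the volume (normal for vendor-specific drivers)
    unreadable - at least one copy could not be opened
    single     - one copy only, nothing to compare it with
    consistent - all copies share one MD5
    mismatch   - copies differ; a lead to check against known-good media,
                 not a verdict (update backups can legitimately differ)
    """
    copies = find_copies(root, targets)
    result = {}
    for name in targets:
        found = sorted(copies.get(name.lower(), []), key=lambda c: c["path"])
        digests = {c["md5"] for c in found}
        if not found:
            status = "missing"
        elif None in digests:
            status = "unreadable"
        elif len(found) == 1:
            status = "single"
        elif len(digests) == 1:
            status = "consistent"
        else:
            status = "mismatch"
        result[name.lower()] = {"status": status, "copies": found}
    return result


def build_sample_tree(root):
    """Constructed sample data: a tiny fake WINNT layout, not real drivers."""
    layout = {
        "WINNT/system32/drivers/atapi.sys": b"constructed atapi, live copy",
        "WINNT/system32/dllcache/ATAPI.SYS": b"constructed atapi, cached copy",
        "WINNT/system32/drivers/disk.sys": b"constructed disk",
        "WINNT/system32/dllcache/disk.sys": b"constructed disk",
        "WINNT/system32/drivers/classpnp.sys": b"constructed classpnp",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, info in report(root, TARGETS).items():
            print(f"{name:14} {info['status']}")
            for copy in info["copies"]:
                print(f"    MD5={copy['md5']}  {copy['size']}  {copy['path']}")
```

Run against the real volume from the boot CD environment (for example `report("C:\\", TARGETS)`), the hashes are read while the installed Windows is not running, so nothing loaded from that installation can filter what is read.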


#5 lenardb


Posted 20 May 2010 - 09:13 PM

Hello

Computer is scanning.

Just a note with the instructions: When we ran the OTL program, the options on the right side for "Files Created Within" & "Files Modified Within" do not have a "Safelist" dot box option. (The Registry, Extra Registry etc. on the left do have the "Safelist" option.) In the "Files Created/Modified" area on the right, there is an option for "None", "By Date" (I think this is the wording), and "All". There is a pull down box at the top set to 30 days. We chose to leave it at "By Date", which is the middle option & hopefully the equivalent to "Safelist". Is that right?

Thanks.

#6 lenardb


Posted 20 May 2010 - 09:41 PM

Scan Results:

OTL logfile created on: 5/21/2010 2:02:01 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 84.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): D:\pagefile.sys 768 1137C:\pagefile.sys 2 2 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 25.00 Gb Total Space | 9.38 Gb Free Space | 37.52% Space Free | Partition Type: NTFS
Drive D: | 49.56 Gb Total Space | 43.82 Gb Free Space | 88.41% Space Free | Partition Type: NTFS
Drive E: | 1.87 Gb Total Space | 1.80 Gb Free Space | 96.49% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (All) ==========

SRV - [2010/05/19 01:04:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/04 21:06:00 | 000,135,664 | ---- | M] (Google Inc.) [Auto] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/06/10 02:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wkssvc.dll -- (LanmanWorkstation)
SRV - [2009/04/30 03:24:08 | 000,182,768 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/09 06:20:33 | 000,616,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\services.exe -- (EventLog)
SRV - [2008/08/09 04:41:04 | 000,611,664 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/07/29 07:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 05:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 05:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/24 21:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/24 21:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 16:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/02/20 01:32:43 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2007/02/05 16:17:02 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\upnphost.dll -- (upnphost)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\shsvcs.dll -- (Themes)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2006/12/19 17:52:18 | 000,134,656 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2006/12/19 14:16:47 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2006/10/18 07:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 06:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/05 08:11:34 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/28 04:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/06/22 06:47:18 | 000,181,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\rasmans.dll -- (RasMan)
SRV - [2006/05/19 08:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2006/01/03 23:35:05 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\webclnt.dll -- (WebClient)
SRV - [2005/08/22 14:29:46 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\netman.dll -- (Netman)
SRV - [2005/07/08 12:27:56 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\tapisrv.dll -- (TapiSrv)
SRV - [2005/06/10 19:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\spoolsv.exe -- (Spooler)
SRV - [2005/05/04 00:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\System32\msiexec.exe -- (MSIServer)
SRV - [2005/04/03 10:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/12/07 15:32:34 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\srvsvc.dll -- (LanmanServer)
SRV - [2004/08/03 10:56:58 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\vssvc.exe -- (VSS)
SRV - [2004/08/03 10:56:58 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/03 10:56:58 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/03 10:56:58 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/03 10:56:58 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2004/08/03 10:56:58 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\ups.exe -- (UPS)
SRV - [2004/08/03 10:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\svchost.exe -- (wuauserv)
SRV - [2004/08/03 10:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\svchost.exe -- (HidServ)
SRV - [2004/08/03 10:56:56 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/03 10:56:56 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/03 10:56:56 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/03 10:56:54 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\msdtc.exe -- (MSDTC)
SRV - [2004/08/03 10:56:52 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/03 10:56:52 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/03 10:56:52 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/03 10:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\lsass.exe -- (SamSs)
SRV - [2004/08/03 10:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/03 10:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/03 10:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/03 10:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\lsass.exe -- (netlogon)
SRV - [2004/08/03 10:56:50 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/03 10:56:50 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/03 10:56:50 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/03 10:56:48 | 000,359,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/03 10:56:48 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\termsrv.dll -- (TermService)
SRV - [2004/08/03 10:56:48 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\w32time.dll -- (W32Time)
SRV - [2004/08/03 10:56:48 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/03 10:56:48 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/03 10:56:48 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/03 10:56:48 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/03 10:56:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\alg.exe -- (ALG)
SRV - [2004/08/03 10:56:48 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/03 10:56:48 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/03 10:56:48 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\cisvc.exe -- (cisvc)
SRV - [2004/08/03 10:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/03 10:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\qmgr.dll -- (BITS)
SRV - [2004/08/03 10:56:46 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/03 10:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\srsvc.dll -- (srservice)
SRV - [2004/08/03 10:56:46 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/03 10:56:46 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/03 10:56:46 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2004/08/03 10:56:46 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\sens.dll -- (SENS)
SRV - [2004/08/03 10:56:46 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/03 10:56:46 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/03 10:56:44 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/03 10:56:44 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/03 10:56:44 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto] -- C:\WINNT\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/03 10:56:44 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/03 10:56:44 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/03 10:56:42 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\appmgmts.dll -- (AppMgmt)
SRV - [2004/08/03 10:56:42 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\browser.dll -- (Browser)
SRV - [2004/08/03 10:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/03 10:56:42 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/03 10:56:42 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\alrsvc.dll -- (Alerter)
SRV - [2004/07/14 21:42:00 | 000,114,755 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/11/03 02:43:02 | 000,106,496 | ---- | M] (Intel Corp.) [Auto] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®
SRV - [2003/03/31 08:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINNT\system32\rsvp.exe -- (RSVP)
SRV - [2003/03/31 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINNT\system32\mprdim.dll -- (RemoteAccess)
SRV - [2002/09/20 01:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [1998/11/27 09:43:52 | 004,964,624 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Binn\sqlservr.exe -- (MSSQLServer)
SRV - [1998/11/12 12:09:58 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Binn\sqlagent.exe -- (SQLServerAgent)
SRV - [1997/10/02 10:00:00 | 000,102,912 | ---- | M] (WRQ, Inc.) [On_Demand] -- C:\Program Files\Reflection\rninetd.exe -- (Reflection Servers)


========== Driver Services (All) ==========

DRV - File not found [Kernel | Disabled] -- -- (Xga)
DRV - File not found [Kernel | Disabled] -- -- (weitekp9)
DRV - File not found [Kernel | Disabled] -- -- (wdvga)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (wd90c24a)
DRV - File not found [Kernel | Disabled] -- -- (Wd33c93)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (v7vram)
DRV - File not found [Kernel | Disabled] -- -- (Ultra24f)
DRV - File not found [Kernel | Disabled] -- -- (Ultra14f)
DRV - File not found [Kernel | Disabled] -- -- (Ultra124)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (tmv1)
DRV - File not found [Kernel | Disabled] -- -- (tga)
DRV - File not found [Kernel | Disabled] -- -- (T13B)
DRV - File not found [Kernel | Disabled] -- -- (T128)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Spock)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (slcd32)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (Sermouse)
DRV - File not found [Kernel | System] -- -- (Scsiscan)
DRV - File not found [Kernel | Disabled] -- -- (s3)
DRV - File not found [Kernel | Disabled] -- -- (qv)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (psidisp)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (Parallel)
DRV - File not found [Kernel | Disabled] -- -- (Oliscsi)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | Boot] -- -- (NeroCdNt)
DRV - File not found [Kernel | Disabled] -- -- (Ncrc710)
DRV - File not found [Kernel | Disabled] -- -- (Ncrc700)
DRV - File not found [Kernel | Disabled] -- -- (ncr77c22)
DRV - File not found [Kernel | Disabled] -- -- (Ncr53c9x)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | Disabled] -- -- (mkecr5xx)
DRV - File not found [Kernel | Disabled] -- -- (mitsumi)
DRV - File not found [Kernel | Disabled] -- -- (mga_mil)
DRV - File not found [Kernel | Disabled] -- -- (mga)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (Jzvxl484)
DRV - File not found [Kernel | Disabled] -- -- (Jazzg364)
DRV - File not found [Kernel | Disabled] -- -- (Jazzg300)
DRV - File not found [Kernel | Disabled] -- -- (Inport)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | Disabled] -- -- (flashpnt)
DRV - File not found [Kernel | Disabled] -- -- (Fd8xx)
DRV - File not found [Kernel | Disabled] -- -- (Fd7000ex)
DRV - File not found [Kernel | Disabled] -- -- (Fd16_700)
DRV - File not found [Kernel | Disabled] -- -- (et4000)
DRV - File not found [Kernel | Disabled] -- -- (dtc329x)
DRV - File not found [Kernel | Disabled] -- -- (DptScsi)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (Delldsa)
DRV - File not found [Kernel | Disabled] -- -- (Dell_DGX)
DRV - File not found [Kernel | Disabled] -- -- (dce376nt)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (cpqfws2e)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | Disabled] -- -- (cirrus)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Busmouse)
DRV - File not found [Kernel | Disabled] -- -- (BusLogic)
DRV - File not found [Kernel | Disabled] -- -- (ati)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (Arrow)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (ami0nt)
DRV - File not found [Kernel | Disabled] -- -- (Always)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha174x)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINNT\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINNT\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/06/19 03:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot] -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINNT\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\update.sys -- (update)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Auto] -- C:\WINNT\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/09/28 05:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 04:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINNT\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINNT\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/17 22:53:51 | 000,177,920 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINNT\system32\drivers\timntr.sys -- (timounter)
DRV - [2004/08/17 22:53:51 | 000,065,856 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINNT\system32\drivers\snapman.sys -- (snapman)
DRV - [2004/08/17 22:53:51 | 000,027,040 | ---- | M] (Acronis) [File_System | Auto] -- C:\WINNT\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2004/08/03 11:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/03 11:01:08 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/03 11:01:08 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/03 09:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/03 09:15:54 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/03 09:15:22 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINNT\System32\drivers\mup.sys -- (Mup)
DRV - [2004/08/03 09:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/03 09:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 09:14:32 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/03 09:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/03 09:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/03 09:14:28 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/03 09:14:24 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/03 09:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINNT\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/03 09:14:12 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINNT\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/03 09:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/03 09:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/03 09:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/03 09:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/03 09:08:06 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/03 09:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/03 09:07:48 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINNT\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/03 09:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/03 09:07:48 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/03 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\AGP440.SYS -- (agp440)
DRV - [2004/08/03 09:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/03 09:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/03 09:07:18 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/03 09:07:18 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/03 09:07:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/03 09:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINNT\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/03 09:05:08 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/03 09:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/03 09:04:58 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/03 09:04:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/03 09:04:20 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/03 09:04:14 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/03 09:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINNT\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/03 09:03:14 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2004/08/03 09:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/03 09:00:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/03 09:00:44 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINNT\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/03 09:00:42 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINNT\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/03 09:00:32 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINNT\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/03 09:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/03 09:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/03 09:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\changer.sys -- (Changer)
DRV - [2004/08/03 09:00:08 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ip6fw.sys -- (ip6fw)
DRV - [2004/08/03 08:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/03 08:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/03 08:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 08:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINNT\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2004/08/03 08:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 08:59:28 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/03 08:59:28 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/03 08:59:20 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/03 08:59:18 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\processr.sys -- (Processor)
DRV - [2004/08/03 08:59:08 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/03 08:59:08 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/03 08:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/03 08:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/03 08:58:42 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/03 08:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 08:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 08:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/03 08:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/03 08:58:32 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/07/14 21:42:00 | 002,459,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/11/03 02:39:44 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINNT\system32\drivers\SIODRV.SYS -- (SIODRV)
DRV - [2003/10/14 16:10:02 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2003/10/13 01:29:00 | 000,066,688 | R--- | M] (NETGEAR ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\GA311ND5.SYS -- (RTL8023)
DRV - [2003/06/01 23:42:14 | 000,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/05/09 01:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System] -- C:\WINNT\system32\drivers\sf.sys -- (sf)
DRV - [2003/03/31 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2003/03/31 08:00:00 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2003/03/31 08:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2003/03/31 08:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\fips.sys -- (Fips)
DRV - [2003/03/31 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2003/03/31 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2003/03/31 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2003/03/31 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2003/03/31 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/03/31 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\raspti.sys -- (Raspti)
DRV - [2003/03/31 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINNT\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2003/03/31 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2003/03/31 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINNT\system32\drivers\scsiprnt.sys -- (Scsiprnt)
DRV - [2003/03/31 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINNT\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2003/03/31 08:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2003/03/31 08:00:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ntapm.sys -- (NtApm)
DRV - [2003/03/31 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2003/03/31 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINNT\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2003/03/31 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINNT\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2003/03/31 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003/03/31 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2003/03/31 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\beep.sys -- (Beep)
DRV - [2003/03/31 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\null.sys -- (Null)
DRV - [2003/03/31 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINNT\system32\winsock.dll -- (WinSock)
DRV - [2003/03/13 22:34:48 | 000,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2002/10/22 19:05:06 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smb.sys -- (smbusp) Intel®
DRV - [2002/09/20 14:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2001/08/16 23:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/16 23:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/16 23:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/16 22:12:48 | 000,025,034 | ---- | M] (SMC Networks, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smcpwr2n.sys -- (Smcpwr2n)
DRV - [1998/10/05 03:26:48 | 000,177,344 | R--- | M] (S3 Incorporated) [Kernel | System] -- C:\WINNT\system32\drivers\s3mini.sys -- (S3Inc)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inside.toyota.com.au/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = file:C:\Program Files\Plus!\Microsoft Internet\docs\home.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://inside.toyota.com.au/
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.35.189:808

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = file:C:\Program Files\Plus!\Microsoft Internet\docs\home.htm
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = file:C:\Program Files\Plus!\Microsoft Internet\docs\home.htm
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\TOYOTA_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\TOYOTA_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.htm
IE - HKU\TOYOTA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\TOYOTA_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\TOYOTA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inside.toyota.com.au/
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\user_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eldersweather.com.au/
IE - HKU\user_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\user_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 18:00:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/05/19 01:04:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008/08/09 01:23:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 23:09:54 | 000,000,000 | ---D | M]

[2010/05/19 01:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/09 01:22:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/19 01:05:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/02 22:34:14 | 000,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2008/07/02 22:34:14 | 000,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/08/06 02:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/05/19 01:04:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/07/02 22:34:14 | 000,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/01/04 11:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 14:47:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/01/04 11:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 05:35:22 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2008/01/04 11:36:50 | 000,001,077 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 00:08:20 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2008/03/28 14:11:14 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2008/01/04 11:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/10/27 01:08:06 | 000,000,710 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\TOYOTA_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\user_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\user_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF21192.cfx File not found
O4 - HKLM..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\user_ON_C..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\user_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\user_ON_C..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF21192.cfx File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeCaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LegalNoticeText =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ShutdownWithoutLogon = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\TOYOTA_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\TOYOTA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\user_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\user_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1161825314132 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1166062676828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINNT\System32\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tmca.com.au
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\Controls\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINNT\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINNT\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000/02/01 11:35:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2004/08/16 02:21:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/19 23:16:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/19 23:11:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/05/19 23:11:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/05/19 23:11:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/05/19 23:11:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/05/19 23:11:26 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/05/19 23:11:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/19 23:11:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/19 22:38:13 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles\user\Application Data\Malwarebytes
[2010/05/19 22:38:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/05/19 22:38:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/05/19 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/19 22:37:22 | 000,000,000 | RH-D | C] -- C:\WINNT\Profiles\user\Recent
[2010/05/19 19:43:56 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles\user\.s3direct
[2010/05/19 01:55:16 | 000,000,000 | ---D | C] -- C:\Stressless
[2010/05/19 01:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/19 01:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/19 01:05:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2010/05/19 01:05:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2010/05/19 01:05:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2010/05/19 01:05:08 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl
[2010/05/19 00:51:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\deployJava1.dll
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[19 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/20 00:58:02 | 003,932,160 | -H-- | M] () -- C:\WINNT\Profiles\user\NTUSER.DAT
[2010/05/20 00:58:02 | 000,524,288 | -H-- | M] () -- C:\WINNT\Profiles\NetworkService\NTUSER.DAT
[2010/05/20 00:58:02 | 000,524,288 | -H-- | M] () -- C:\WINNT\Profiles\LocalService\NTUSER.DAT
[2010/05/20 00:58:00 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/05/19 23:16:53 | 000,000,277 | RHS- | M] () -- C:\boot.ini
[2010/05/19 23:11:42 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/05/19 23:10:50 | 000,000,330 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/05/19 23:10:29 | 000,001,431 | ---- | M] () -- C:\WINNT\TOYOTA.INI
[2010/05/19 23:10:17 | 000,025,136 | ---- | M] () -- C:\WINNT\Profiles\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/19 23:09:52 | 000,001,374 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/05/19 23:09:37 | 000,000,796 | RHS- | M] () -- C:\WINNT\Profiles\user\ntuser.pol
[2010/05/19 23:07:36 | 000,150,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/05/19 22:25:23 | 000,001,554 | ---- | M] () -- C:\WINNT\Profiles\user\Desktop\CCleaner.lnk
[2010/05/19 22:22:00 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/19 21:47:16 | 000,000,256 | ---- | M] () -- C:\WINNT\tasks\OGALogon.job
[2010/05/19 21:47:08 | 000,004,452 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2010/05/19 21:47:00 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 21:45:12 | 000,000,278 | -HS- | M] () -- C:\WINNT\Profiles\user\ntuser.ini
[2010/05/19 21:45:07 | 003,765,882 | -H-- | M] () -- C:\WINNT\Profiles\user\Local Settings\Application Data\IconCache.db
[2010/05/19 21:02:24 | 000,000,431 | ---- | M] () -- C:\WINNT\SYSTEM.INI
[2010/05/19 19:43:55 | 000,001,778 | ---- | M] () -- C:\WINNT\Profiles\user\Desktop\Showroom Direct.lnk
[2010/05/19 17:30:10 | 000,000,256 | ---- | M] () -- C:\WINNT\tasks\OGADaily.job
[2010/05/19 01:44:05 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/05/19 01:04:48 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2010/05/19 01:04:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2010/05/19 01:04:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2010/05/19 01:04:48 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl
[2010/05/19 01:04:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\deployJava1.dll
[2010/05/11 03:28:18 | 007,429,120 | ---- | M] () -- C:\WINNT\Profiles\user\Desktop\TSA forecast V3c.xls
[2010/05/11 01:01:15 | 005,414,837 | ---- | M] () -- C:\WINNT\Profiles\user\Desktop\TSA Dealer_Operations_Manual.pdf
[2010/05/05 20:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MpSigStub.exe
[2010/04/29 01:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/04/29 01:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/04/26 01:58:12 | 000,256,512 | ---- | M] () -- C:\WINNT\PEV.exe
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[19 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 23:16:53 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2010/05/19 23:16:51 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/19 23:11:33 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/05/19 23:11:33 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/05/19 23:11:33 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/05/19 23:11:33 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/05/19 23:11:33 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/05/19 22:25:23 | 000,001,554 | ---- | C] () -- C:\WINNT\Profiles\user\Desktop\CCleaner.lnk
[2010/05/19 19:43:55 | 000,001,778 | ---- | C] () -- C:\WINNT\Profiles\user\Desktop\Showroom Direct.lnk
[2010/05/19 01:37:55 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2009/10/09 00:18:45 | 000,000,031 | ---- | C] () -- C:\WINNT\ifmepc32.ini
[2009/08/20 21:28:10 | 000,000,796 | RHS- | C] () -- C:\WINNT\Profiles\TOYOTA\ntuser.pol
[2008/12/31 03:04:42 | 000,691,560 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.dll
[2008/08/11 05:35:25 | 000,000,796 | RHS- | C] () -- C:\WINNT\Profiles\user\ntuser.pol
[2008/08/11 05:28:55 | 000,005,120 | -HS- | C] () -- C:\Program Files\Thumbs.db
[2005/04/06 02:38:58 | 000,005,120 | ---- | C] () -- C:\WINNT\Profiles\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/17 22:53:51 | 000,037,888 | ---- | C] () -- C:\WINNT\System32\setupnt.dll
[2004/08/16 01:14:25 | 000,000,178 | -HS- | C] () -- C:\WINNT\Profiles\TOYOTA\ntuser.ini
[2004/08/16 01:14:21 | 000,008,192 | -H-- | C] () -- C:\WINNT\Profiles\TOYOTA\NTUSER.DAT.LOG
[2004/08/16 01:14:20 | 001,048,576 | -H-- | C] () -- C:\WINNT\Profiles\TOYOTA\NTUSER.DAT
[2004/08/16 00:49:18 | 000,000,278 | -HS- | C] () -- C:\WINNT\Profiles\user\ntuser.ini
[2004/08/16 00:49:13 | 003,932,160 | -H-- | C] () -- C:\WINNT\Profiles\user\NTUSER.DAT
[2004/08/16 00:49:13 | 000,024,576 | -H-- | C] () -- C:\WINNT\Profiles\user\NTUSER.DAT.LOG
[2004/08/16 00:44:12 | 000,000,020 | -HS- | C] () -- C:\WINNT\Profiles\LocalService\ntuser.ini
[2004/08/16 00:44:11 | 000,524,288 | -H-- | C] () -- C:\WINNT\Profiles\LocalService\NTUSER.DAT
[2004/08/16 00:44:11 | 000,008,192 | -H-- | C] () -- C:\WINNT\Profiles\LocalService\ntuser.dat.LOG
[2004/08/16 00:44:11 | 000,000,020 | -HS- | C] () -- C:\WINNT\Profiles\NetworkService\ntuser.ini
[2004/08/16 00:44:09 | 000,524,288 | -H-- | C] () -- C:\WINNT\Profiles\NetworkService\NTUSER.DAT
[2004/08/16 00:44:09 | 000,008,192 | -H-- | C] () -- C:\WINNT\Profiles\NetworkService\ntuser.dat.LOG
[2004/08/15 23:59:22 | 000,000,000 | ---- | C] () -- C:\WINNT\MSINFO32.INI
[2004/03/02 20:41:27 | 000,001,097 | ---- | C] () -- C:\WINNT\saplogon.ini
[2004/03/02 20:39:25 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll
[2004/03/02 20:39:25 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll
[2004/03/02 20:39:25 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll
[2004/03/02 20:39:24 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll
[2004/03/02 20:39:24 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll
[2003/01/09 21:01:42 | 000,000,296 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2002/10/06 20:08:22 | 000,088,064 | ---- | C] () -- C:\WINNT\System32\IMAGE32.DLL
[2002/10/06 20:08:22 | 000,063,328 | ---- | C] () -- C:\WINNT\System32\Image16.dll
[2002/10/06 20:08:22 | 000,044,032 | ---- | C] () -- C:\WINNT\System32\DTECK32.DLL
[2002/10/06 20:08:21 | 000,020,992 | ---- | C] () -- C:\WINNT\System32\dtLicCli.Dll
[2002/10/04 21:43:12 | 000,000,869 | ---- | C] () -- C:\WINNT\PartFind.INI
[2002/05/14 23:02:55 | 000,122,936 | ---- | C] () -- C:\WINNT\System32\msows409.dll
[2002/05/14 23:00:50 | 000,057,344 | ---- | C] () -- C:\WINNT\System32\icmfilter.dll
[2002/03/07 20:15:15 | 000,001,094 | -H-- | C] () -- C:\Program Files\cchaoci.dat
[2002/02/21 00:43:51 | 001,741,878 | ---- | C] () -- C:\Program Files\LOGO.bmp
[2001/08/27 23:54:23 | 000,000,160 | ---- | C] () -- C:\WINNT\AtlasDB.INI
[2001/03/22 17:56:35 | 000,000,000 | ---- | C] () -- C:\WINNT\AutoRun.INI
[2000/10/13 01:01:35 | 000,001,431 | ---- | C] () -- C:\WINNT\TOYOTA.INI
[2000/04/29 20:24:44 | 000,000,248 | ---- | C] () -- C:\WINNT\entpack.ini
[2000/04/27 21:28:26 | 000,017,920 | ---- | C] () -- C:\WINNT\System32\IMPLODE.DLL
[2000/02/16 04:01:09 | 000,000,224 | ---- | C] () -- C:\WINNT\netscape.INI
[2000/02/16 02:03:17 | 000,000,647 | ---- | C] () -- C:\WINNT\alviewer.ini
[2000/02/16 02:03:17 | 000,000,516 | ---- | C] () -- C:\WINNT\archlink.ini
[2000/02/16 02:03:17 | 000,000,114 | ---- | C] () -- C:\WINNT\front.ini
[2000/02/16 02:03:08 | 000,000,059 | ---- | C] () -- C:\WINNT\F1HELP.INI
[2000/02/16 02:03:06 | 000,001,815 | ---- | C] () -- C:\WINNT\SAPDOCCD.INI
[2000/02/16 02:02:47 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\VTSSM32.DLL
[2000/02/16 01:55:38 | 000,021,504 | ---- | C] () -- C:\WINNT\System32\SWFF3250.DLL
[2000/02/16 01:55:38 | 000,004,501 | ---- | C] () -- C:\WINNT\System32\pndx5016.dll
[2000/02/16 01:55:14 | 000,000,056 | ---- | C] () -- C:\WINNT\Nscal.ini
[2000/02/16 01:34:41 | 000,000,123 | ---- | C] () -- C:\WINNT\WRQ.INI
[2000/02/16 01:34:23 | 000,022,752 | ---- | C] () -- C:\WINNT\System32\drivers\wrqdft.sys
[2000/02/16 01:34:23 | 000,014,336 | ---- | C] () -- C:\WINNT\System32\drivers\wrqdftvd.dll
[2000/02/01 11:26:03 | 000,000,003 | ---- | C] () -- C:\WINNT\WINFILE.INI
[2000/02/01 03:22:40 | 000,000,956 | ---- | C] () -- C:\WINNT\ODBC.INI
[2000/02/01 02:43:59 | 000,049,616 | ---- | C] () -- C:\WINNT\System32\jcb.dll
[2000/02/01 02:43:59 | 000,048,088 | ---- | C] () -- C:\WINNT\System32\dscvr.dll
[2000/02/01 02:43:56 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\FDECTSP.DLL
[2000/02/01 02:43:56 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\VDOPLSTR.DLL
[2000/02/01 02:43:55 | 000,003,544 | ---- | C] () -- C:\WINNT\msmusctl.ini
[2000/02/01 02:42:34 | 000,000,000 | RH-- | C] () -- C:\Program Files\Common Files\MSCREATE.DIR
[2000/02/01 01:22:42 | 001,716,224 | ---- | C] () -- C:\WINNT\System32\s3vogl.dll
[2000/02/01 00:55:38 | 000,749,568 | ---- | C] () -- C:\WINNT\Profiles\Administrator\NTUSER.DAT
[2000/02/01 00:55:38 | 000,143,360 | ---- | C] () -- C:\WINNT\Profiles\Administrator\ntuser.dat.LOG
[2000/01/30 22:20:56 | 000,014,965 | ---- | C] () -- C:\WINNT\msjaime.ini
[1999/04/21 21:28:28 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll

========== LOP Check ==========

[2002/03/11 17:31:18 | 000,000,000 | ---D | M] -- C:\WINNT\Profiles\Administrator\Application Data\InterTrust
[2008/06/26 22:36:35 | 000,000,000 | ---D | M] -- C:\WINNT\Profiles\user\Application Data\GetRightToGo
[2005/05/05 21:39:32 | 000,000,268 | ---- | M] () -- C:\WINNT\Tasks\LiveUpdate - Norton AntiVirus.job
[2010/05/19 23:10:50 | 000,000,330 | -H-- | M] () -- C:\WINNT\Tasks\MP Scheduled Scan.job
[2010/05/19 17:30:10 | 000,000,256 | ---- | M] () -- C:\WINNT\Tasks\OGADaily.job
[2010/05/19 21:47:16 | 000,000,256 | ---- | M] () -- C:\WINNT\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1992/04/09 15:10:00 | 000,014,135 | ---- | M] () -- C:\ATTR.EXE
[1998/12/04 00:17:40 | 000,082,000 | ---- | M] () -- C:\Uninstal.EXE

< %systemroot%\tasks\*.job >
[2010/05/19 21:47:00 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/19 22:22:00 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2005/05/05 21:39:32 | 000,000,268 | ---- | M] () -- C:\WINNT\tasks\LiveUpdate - Norton AntiVirus.job
[2010/05/19 23:10:50 | 000,000,330 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2010/05/19 17:30:10 | 000,000,256 | ---- | M] () -- C:\WINNT\tasks\OGADaily.job
[2010/05/19 21:47:16 | 000,000,256 | ---- | M] () -- C:\WINNT\tasks\OGALogon.job


< MD5 for: AGP440.SYS >
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/03 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\dllcache\agp440.sys
[2004/08/03 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\AGP440.SYS
[2004/08/03 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\ReinstallBackups\0015\DriverFiles\i386\AGP440.SYS
[2003/03/31 08:00:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:atapi.sys
[2003/03/31 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[1996/10/13 10:38:00 | 000,018,352 | R--- | M] (Microsoft Corporation) MD5=BEA2F4302EDDCB23E617500A1424EAFB -- C:\I386\ATAPI.SYS
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\dllcache\atapi.sys
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2004/08/03 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: CLASSPNP.SYS >
[2003/03/31 08:00:00 | 000,046,336 | ---- | M] (Microsoft Corporation) MD5=4E86B33AFF1A6AF46889CBCF90F0C8F0 -- C:\WINNT\$NtServicePackUninstall$\classpnp.sys
[2004/08/03 09:14:28 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINNT\ServicePackFiles\i386\classpnp.sys
[2004/08/03 09:14:28 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINNT\system32\drivers\classpnp.sys
[2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\classpnp.sys
[2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\classpnp.sys

< MD5 for: DISK.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 08:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Qoobox\32788R22FWJFW\disk.sys
[2004/08/03 08:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINNT\ServicePackFiles\i386\disk.sys
[2004/08/03 08:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINNT\system32\drivers\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[1996/10/13 10:38:00 | 000,014,928 | R--- | M] (Microsoft Corporation) MD5=61384A66802D057615309468A390808C -- C:\I386\DISK.SYS
[2003/03/31 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINNT\$NtServicePackUninstall$\disk.sys

< MD5 for: KBDCLASS.SYS >
[2003/03/31 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp1.cab:kbdclass.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:kbdclass.sys
[2004/08/03 11:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp2.cab:kbdclass.sys
[2003/03/31 08:00:00 | 000,023,424 | ---- | M] (Microsoft Corporation) MD5=1E7F78C2FC393356CD884C6FDE7966F9 -- C:\WINNT\$NtServicePackUninstall$\kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINNT\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- C:\WINNT\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[2004/08/03 08:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\Qoobox\32788R22FWJFW\kbdclass.sys
[2004/08/03 08:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINNT\ServicePackFiles\i386\kbdclass.sys
[2004/08/03 08:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- C:\WINNT\system32\drivers\kbdclass.sys
[1996/10/13 10:38:00 | 000,009,296 | R--- | M] (Microsoft Corporation) MD5=FACEFE4D8CF55981DE8A5E9F73E609B2 -- C:\I386\KBDCLASS.SYS

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINNT\Profiles\user\Desktop\YEAR0001.pif:SummaryInformation
< End of report >


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:15 AM

Posted 21 May 2010 - 04:48 AM

Thanks for the feedback on settings and well done.

Is this an upgrade from earlier Windows to XP? I'm not sure but it might have contributed to the problem.

Insert your flash drive into the working computer.
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


CODE
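@echo off
rem Dump the ERDNT restore list (erdnt.con) from the registry hive backup folder
type C:\WINNT\ERDNT\hiv-backup\erdnt.con >log.txt
rem Append a recursive listing of C:\Qoobox, hidden and system files included
dir /a/s C:\Qoobox >>log.txt
rem Open the finished log
start log.txt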

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: Flash drive
  • Save as type: All file types (*.*)
  • Fill in File name: look.bat
  • Click save.
  • Close the Notepad.
  • Take out your flash drive and insert it into the problem computer.
  • Double-click on My Computer icon on the desktop, open your flash drive.
  • Double-click on look.bat, wait until a text file opens. A copy will be made on your flash drive (log.txt).
  • Attach or copy and paste the content to your reply.



#8 lenardb

Posted 21 May 2010 - 05:12 AM

Results:

copy "C:\WINNT\system32\config\SECURITY" "C:\WINNT\system32\config\SECURITY.bak"
copy "SECURITY" "C:\WINNT\system32\config\SECURITY"
copy "C:\WINNT\system32\config\software" "C:\WINNT\system32\config\software.bak"
copy "software" "C:\WINNT\system32\config\software"
copy "C:\WINNT\system32\config\system" "C:\WINNT\system32\config\system.bak"
copy "system" "C:\WINNT\system32\config\system"
copy "C:\WINNT\system32\config\default" "C:\WINNT\system32\config\default.bak"
copy "default" "C:\WINNT\system32\config\default"
copy "C:\WINNT\system32\config\SAM" "C:\WINNT\system32\config\SAM.bak"
copy "SAM" "C:\WINNT\system32\config\SAM"
Volume in drive C has no label.
Volume Serial Number is 5C7C-16B8

Directory of c:\Qoobox

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
20/05/2010 01:18 PM <DIR> 32788R22FWJFW
20/05/2010 01:12 PM <DIR> BackEnv
20/05/2010 01:11 PM <DIR> LastRun
20/05/2010 01:11 PM <DIR> Quarantine
20/05/2010 01:11 PM <DIR> Test
20/05/2010 01:11 PM <DIR> TestC
0 File(s) 0 bytes

Directory of c:\Qoobox\32788R22FWJFW

20/05/2010 01:18 PM <DIR> .
20/05/2010 01:18 PM <DIR> ..
03/08/2004 11:07 PM 187,776 acpi.sys
14/08/2008 07:51 PM 138,368 afd.sys
03/08/2004 10:59 PM 95,360 atapi.sys
03/08/2004 10:59 PM 49,536 cdrom.sys
03/08/2004 10:59 PM 36,352 disk.sys
03/08/2004 11:07 PM 153,344 dmio.sys
21/08/2006 07:14 PM 128,896 fltmgr.sys
31/03/2003 10:00 PM 125,056 ftdisk.sys
03/08/2004 11:14 PM 52,736 i8042prt.sys
03/08/2004 11:00 PM 41,856 imapi.sys
03/08/2004 10:59 PM 36,096 intelppm.sys
03/08/2004 11:14 PM 74,752 ipsec.sys
17/08/2001 01:58 PM 35,840 isapnp.sys
03/08/2004 10:58 PM 24,576 kbdclass.sys
03/08/2004 10:58 PM 23,040 mouclass.sys
24/02/2010 10:31 PM 454,016 mrxsmb.sys
03/08/2004 11:03 PM 34,560 netbios.sys
03/08/2004 11:14 PM 162,816 netbt.sys
19/06/2008 05:24 PM 28,544 pavboot.sys
03/08/2004 11:07 PM 68,224 pci.sys
17/08/2001 01:51 PM 3,328 pciide.sys
31/03/2003 10:00 PM 8,832 rasacd.sys
05/05/2006 07:47 PM 174,592 rdbss.sys
31/03/2003 10:00 PM 4,224 rdpcdd.sys
03/08/2004 10:59 PM 57,472 redbook.sys
03/08/2004 11:15 PM 64,896 serial.sys
09/05/2003 03:00 PM 33,248 sf.sys
18/08/2004 12:53 PM 65,856 snapman.sys
03/08/2004 11:06 PM 73,472 sr.sys
20/06/2008 08:45 PM 360,320 tcpip.sys
04/08/2004 01:01 AM 40,840 termdd.sys
18/08/2004 12:53 PM 177,920 timntr.sys
03/08/2004 11:07 PM 20,992 vga.sys
33 File(s) 3,037,736 bytes

Directory of c:\Qoobox\BackEnv

20/05/2010 01:12 PM <DIR> .
20/05/2010 01:12 PM <DIR> ..
20/05/2010 01:12 PM 195 appdata.folder.dat
20/05/2010 01:12 PM 290 cache.folder.dat
20/05/2010 01:12 PM 120 Cookies.folder.dat
20/05/2010 01:12 PM 73 desktop.folder.dat
20/05/2010 01:12 PM 77 favorites.folder.dat
20/05/2010 01:12 PM 192 localappdata.folder.dat
20/05/2010 01:12 PM 198 localsettings.folder.dat
20/05/2010 01:12 PM 104 mypictures.folder.dat
20/05/2010 01:12 PM 80 personal.folder.dat
20/05/2010 01:11 PM 250 Profiles.Folder.dat
20/05/2010 01:12 PM 411 Profiles.Folder.folder.dat
20/05/2010 01:12 PM 151 programs.folder.dat
20/05/2010 01:11 PM 5,369 SetPath.bat
20/05/2010 01:12 PM 124 startmenu.folder.dat
20/05/2010 01:12 PM 113 startup.folder.dat
20/05/2010 01:11 PM 1,668 SysPath.dat
20/05/2010 01:12 PM 77 templates.folder.dat
17 File(s) 9,492 bytes

Directory of c:\Qoobox\LastRun

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
0 File(s) 0 bytes

Directory of c:\Qoobox\Quarantine

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
20/05/2010 01:18 PM <DIR> C
20/05/2010 01:11 PM 51 catchme.log
20/05/2010 01:11 PM <DIR> Registry_backups
1 File(s) 51 bytes

Directory of c:\Qoobox\Quarantine\C

20/05/2010 01:18 PM <DIR> .
20/05/2010 01:18 PM <DIR> ..
20/05/2010 01:18 PM <DIR> WINNT
0 File(s) 0 bytes

Directory of c:\Qoobox\Quarantine\C\WINNT

20/05/2010 01:18 PM <DIR> .
20/05/2010 01:18 PM <DIR> ..
20/05/2010 01:18 PM <DIR> system32
0 File(s) 0 bytes

Directory of c:\Qoobox\Quarantine\C\WINNT\system32

20/05/2010 01:18 PM <DIR> .
20/05/2010 01:18 PM <DIR> ..
20/05/2010 01:18 PM <DIR> Drivers
0 File(s) 0 bytes

Directory of c:\Qoobox\Quarantine\C\WINNT\system32\Drivers

20/05/2010 01:18 PM <DIR> .
20/05/2010 01:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of c:\Qoobox\Quarantine\Registry_backups

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
0 File(s) 0 bytes

Directory of c:\Qoobox\Test

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
0 File(s) 0 bytes

Directory of c:\Qoobox\TestC

20/05/2010 01:11 PM <DIR> .
20/05/2010 01:11 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
51 File(s) 3,047,279 bytes
35 Dir(s) 10,070,721,536 bytes free


#9 Farbar

Posted 21 May 2010 - 07:35 AM

Looks like ComboFix has hardly touched anything of importance.

Let's take a look at MBAM log(s) too before trying a recovery action.

Please make a batch file as you made before with the following syntax and post the log.

QUOTE
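@echo off
rem Collect the Malwarebytes logs for this profile; 2>&1 also sends error messages to the log
type "C:\WINNT\Profiles\user\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\logs\*.txt" >log.txt 2>&1
rem Append boot.ini so the boot entries can be checked
type c:\boot.ini >>log.txt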


If you run the batch file from the flash drive the log (log.txt) will be made there.

Edited by farbar, 21 May 2010 - 11:19 AM.
Edited to add a second line


#10 Farbar

Posted 21 May 2010 - 11:20 AM

Just wanted to let you know I edited the previous post to add a second line to the syntax to check the boot.ini file.

#11 lenardb

Posted 21 May 2010 - 04:57 PM

Morning

Lost contact with the computer overnight.

Malwarebytes Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4118

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

20/05/2010 12:48:43 PM
mbam-log-2010-05-20 (12-48-43).txt

Scan type: Quick scan
Objects scanned: 135091
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\owcstp16.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.


BOOT INI
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Thanks.

#12 lenardb

Posted 21 May 2010 - 05:03 PM

Oh forgot,

(a) I agree not to stuff around with the computer while we go through the procedure.
(b) Yes, I believe it was an upgrade from NT originally, & has been added to over the years.

Thanks for the help!

#13 Farbar

Posted 21 May 2010 - 06:05 PM

We are going to restore the system back to see if it boots.
  1. Please set your system to show all files:
    • Open My Computer on the desktop, select the Tools menu and click Folder Options.
    • Select the View Tab. Under the Hidden files and folders heading, check Show hidden files and folders.
    • Uncheck: Hide file extensions for known file types
    • Uncheck: Hide protected operating system files (recommended) option.
    • Click Yes to confirm.

  2. Open C drive. Note that you have to be precise with the following operation.
    Right-click boot.ini => Properties => uncheck Read-only and close it. Right-click boot.ini again and rename it to boot.old

    There is another file with the name of boot.bak (boot.bak is your own boot file before running ComboFix), right-click boot.bak and rename it to boot.ini

  3. Go to the following folder and open it: C:\WINNT\ERDNT\hiv-backup

    There is a file called ERDNT.exe; double-click it and then click 3 times at the 3 prompts.

  4. Shut down the computer, remove the boot CD and let the computer boot. Tell me how far it goes.


#14 lenardb

Posted 21 May 2010 - 06:38 PM

Hello

Did restore. No effect. Still stopping with the flashing cursor.

Thanks.

#15 Farbar

Posted 21 May 2010 - 06:54 PM

I need you to give me proper feedback. The logs are not showing anything unusual.

Tell me if the Windows logo comes up at all. That is where it shows the load bar.

This is a desktop computer, isn't it?

Can you get to BIOS set up? F12 or F2 are the keys used to get to it.



