Booting into Safe Mode with Networking Resulting in BSOD.


  • This topic is locked
16 replies to this topic

#1 zomgsupersack (Members, 9 posts)

Posted 21 May 2010 - 11:42 PM

My computer started getting these pop-ups saying:

"Application cannot be executed. The file ????.exe is infected"

where the "????" was the file I was trying to open. Along with this, there was a false Anti-Spyware scan running in the background and an icon in the System Tray saying Windows is infected, which I am pretty sure was fake as well.

Now, my question is how can I fix this without the use of reformatting? As the topic title suggests, all attempts to boot Windows normally or into Safe Mode with Networking result in a BSOD. The BSOD suggests running a hardware diagnostic utility (not completely sure on it) and removing all newly installed hardware and software.

I am able to use CDs which can hopefully transfer the anti-spyware software among other applications from my current computer to the infected computer (as I'm sure this is not a hardware/software problem, but a virus).

Notes:
- Only Safe Mode works (no 'with Networking'; gives BSOD). Thus, I cannot connect to the internet on that computer.
- I, foolishly, do not use any AntiVirus software. I do, however, use Spyware S&D and the TeaTimer it offers.

Any help is greatly appreciated! And I am willing to ask any questions to the best of my ability.

Thank you in advance.

EDIT: I looked around and the words AntiVirus XP 2010 sounded familiar so it might be that. A lot of people have been saying to run Malwarebytes and make sure it is updated, but I cannot since I can't even go to Safe Mode with Networking, let alone start Windows normally, so I'm assuming that there is another virus/malware. I might be getting fake BSODs because I read somewhere that the AntiVirus XP 2010 does that.
So if/when I receive help, please note that I cannot use the internet on that computer. Thank you!

Edited by zomgsupersack, 22 May 2010 - 09:59 AM.



#2 JSntgRvr (Master Surgeon General, Malware Response Team, 11,589 posts, Puerto Rico)

Posted 22 May 2010 - 08:56 PM

Hi, zomgsupersack

Let's give this a try. We can help you through an external environment. You will need to burn a boot CD with special tools. You will also need a flash drive to move information from the troubled computer to a working computer. It is the only way we can see the progress of our actions. Save these instructions on your flash drive as a text file (use Notepad) so you can have access to these while in an external environment (PE).

Here is what you need to do.
  • Download OTLPEStd.exe to your desktop. NOTE: This file is 93.1MB in size so it may take some time to download.
  • Once downloaded, insert a blank CD in your burner and click on OTLPEStd.exe. The executable includes the OTLPE_New_Std.iso and a copy of ImgBurn, a program to burn .iso files. When executed, the application will extract both and start the burning process automatically.
  • Once the CD is burned, boot the non-working computer using the boot CD you just created.
  • In order to do so, the computer must be set to boot from the CD first.
    Note: For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in:

      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      ntoskrnl.exe
      /md5stop
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      %systemroot%\System32\config\*.sav
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt.
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
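An added example, not from the thread and not OTL's own code: a small Python parser for the header and SRV/DRV lines of the OTL.txt this scan produces, with a sanity check on the drive mapping before the service list is read as evidence of damage. The sample log is a constructed excerpt modelled on the one posted later in this thread, where %SystemDrive% resolves to I:, a 1.87 GB FAT volume, while the 232 GB NTFS volume is C: and nearly every service and driver is reported as "File not found".

```python
import re
from typing import Dict, List, Optional

# Constructed excerpt modelled on the OTLPE log posted in this thread; the
# values are copied from that log, but this is not a complete OTL.txt.
SAMPLE_LOG = r"""
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 232.82 Gb Total Space | 165.45 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive I: | 1.87 Gb Total Space | 0.95 Gb Free Space | 50.71% Space Free | Partition Type: FAT
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [On_Demand] -- -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2004/08/10 07:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)

========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | Boot] -- -- (iastor)
"""

# Header line that tells us which volume OTLPE treated as the Windows drive.
_RE_SYSDRIVE = re.compile(r"^%SystemDrive% = ([A-Z]):")
# One line per mounted volume: letter, total size with unit, partition type.
_RE_DRIVE = re.compile(
    r"^Drive ([A-Z]): \| ([\d.]+) (Gb|Mb) Total Space .*\| Partition Type: (\w+)$")
# Service/driver whose image could not be found on the scanned volume.
_RE_MISSING = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]+)\] -- -- \((\S+)\)")
# Service/driver that resolved to a file: [timestamp|size|attrs] (company) [start] -- path -- (name)
_RE_PRESENT = re.compile(
    r"^(SRV|DRV) - \[[^\]]*\] \(([^)]*)\) \[([^\]]+)\] -- (.+) -- \((\S+)\)")


def parse_otl(text: str) -> dict:
    """Extract the system-drive letter, the drive table and SRV/DRV entries."""
    result: dict = {"system_drive": None, "drives": {}, "entries": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _RE_SYSDRIVE.match(line)
        if m:
            result["system_drive"] = m.group(1)
            continue
        m = _RE_DRIVE.match(line)
        if m:
            size = float(m.group(2))
            if m.group(3) == "Mb":
                size /= 1024  # normalise everything to gigabytes
            result["drives"][m.group(1)] = {"size_gb": round(size, 2), "fs": m.group(4)}
            continue
        m = _RE_MISSING.match(line)
        if m:
            result["entries"].append(
                {"kind": m.group(1), "name": m.group(3), "start": m.group(2), "path": None})
            continue
        m = _RE_PRESENT.match(line)
        if m:
            result["entries"].append(
                {"kind": m.group(1), "name": m.group(5), "start": m.group(3),
                 "path": m.group(4), "company": m.group(2)})
    return result


def unresolved(parsed: dict, kind: Optional[str] = None) -> List[str]:
    """Names of SRV/DRV entries reported as 'File not found' (optionally one kind)."""
    return [e["name"] for e in parsed["entries"]
            if e["path"] is None and (kind is None or e["kind"] == kind)]


def audit(parsed: dict) -> List[str]:
    """Flag signs that the scan looked at the wrong volume rather than a damaged one."""
    warnings: List[str] = []
    sd = parsed["system_drive"]
    drives: Dict[str, dict] = parsed["drives"]
    if sd is None:
        return ["no %SystemDrive% line found in the log header"]
    info = drives.get(sd)
    if info is None or info["fs"] != "NTFS":
        fs = info["fs"] if info else "unknown"
        warnings.append(f"%SystemDrive% is {sd}: ({fs}), not an NTFS volume")
    ntfs = [(d["size_gb"], letter) for letter, d in drives.items() if d["fs"] == "NTFS"]
    if ntfs:
        _, biggest = max(ntfs)
        if biggest != sd:
            warnings.append(f"largest NTFS volume is {biggest}: but the scan targeted {sd}:")
    entries = parsed["entries"]
    missing = unresolved(parsed)
    if entries and len(missing) / len(entries) > 0.5:
        warnings.append(
            f"{len(missing)} of {len(entries)} service/driver entries are 'File not found'")
    return warnings


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    for w in audit(parsed):
        print("WARNING:", w)
    print("unresolved drivers:", unresolved(parsed, "DRV"))
```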


#3 zomgsupersack (Topic Starter)

Posted 23 May 2010 - 04:23 PM

Everything started working fine until I got to the step that instructed me to save the new .txt file onto my flash drive. I could not locate the file. I searched for it using the 'Search' function and the 'Run' function to no avail. Could it be a typo or something in the last 3 lines of the Custom Scan box? Those lines seem to serve a purpose, but I don't know.

#4 JSntgRvr

Posted 23 May 2010 - 05:18 PM

Right-click on the Start button and select Explore, navigate to the drive letter assigned to your flash drive once inserted, locate the file and open the document.



#5 zomgsupersack (Topic Starter)

Posted 23 May 2010 - 06:05 PM

Ohhh, so that's where it was. Haha.

Here are the contents of the OTL file...

OTL logfile created on: 5/23/2010 4:09:21 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 232.82 Gb Total Space | 165.45 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1.87 Gb Total Space | 0.95 Gb Free Space | 50.71% Space Free | Partition Type: FAT
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [Auto] -- -- (WZCSVC)
SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [Auto] -- -- (Viewpoint Manager Service)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [Disabled] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [On_Demand] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [On_Demand] -- -- (stisvc) Windows Image Acquisition (WIA)
SRV - File not found [Auto] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Auto] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (ose)
SRV - File not found [Auto] -- -- (NVSvc)
SRV - File not found [Disabled] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (npggsvc)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [On_Demand] -- -- (MHN)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (McrdSvc)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [Auto] -- -- (IAANTMON) Intel®
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [Auto] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [On_Demand] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [Auto] -- -- (ehSched)
SRV - File not found [Auto] -- -- (ehRecvr)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [On_Demand] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [Disabled] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - [2004/08/10 07:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (usbstor)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [File_System | Disabled] -- -- (Udfs)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (STHDA)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | Auto] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Boot] -- -- (PxHelp20)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (Pcmcia)
DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | System] -- -- (OMCI)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (nv)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [File_System | Disabled] -- -- (Ntfs)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NAL)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | On_Demand] -- -- (MHNDRV)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (intelppm)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | Boot] -- -- (iastor)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (hidusb)
DRV - File not found [Kernel | On_Demand] -- -- (HDAudBus)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [File_System | Disabled] -- -- (Fastfat)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | On_Demand] -- -- (e1express) Intel®
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Disabled] -- -- (dmboot)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Boot] -- -- (cercsr6)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [File_System | Disabled] -- -- (Cdfs)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (cbidf2k)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (ACPIEC)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Andrew-Gregory_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\System32\shdocvw.dll File not found
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: I:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: I:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\System32\SHELL32.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe File not found
O4 - HKLM..\Run: [IAAnotif] I:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL File not found
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] File not found
O4 - HKLM..\Run: [SNM] I:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Aim] I:\Program Files\AIM7\aim.exe File not found
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Google Update] I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe File not found
O4 - HKU\Andrew-Gregory_ON_C..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Steam] i:\program files\steam\steam.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe File not found
O4 - HKU\Andrew-Gregory_ON_C..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andrew-Gregory_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\System32\mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\System32\SHELL32.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\System32\webcheck.dll File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\System32\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\WINDOWS\System32\browseui.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell - "" = AutoRun
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========

[2010/05/23 14:17:40 | 000,000,774 | ---- | M] () -- I:\Document.rtf
[2010/04/23 16:36:50 | 000,671,232 | ---- | M] () -- I:\Member of the Month March.pub

========== Files Created - No Company Name ==========

[2010/05/23 14:17:38 | 000,000,774 | ---- | C] () -- I:\Document.rtf
[2010/04/23 16:32:31 | 000,671,232 | ---- | C] () -- I:\Member of the Month March.pub

========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========



< %SYSTEMDRIVE%\*.* >
[2010/04/23 16:36:50 | 000,671,232 | ---- | M] () -- I:\Member of the Month March.pub
[2010/05/23 14:17:40 | 000,000,774 | ---- | M] () -- I:\Document.rtf
[2010/05/23 15:19:14 | 000,069,428 | ---- | M] () -- I:\OTL.Txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
< End of report >


#6 JSntgRvr
    Malware Response Team

Posted 23 May 2010 - 06:44 PM

We are going to make an experiment.

After booting to the Reatogo desktop, click on the Start menu, then right-click on My Computer. Select Manage, then Disk Management. Right-click on the I: drive and change the drive letter to J:. Then right-click on the C: drive and change the drive letter to I:. Now, go back to the J: drive that you previously changed, right-click on it and change it to C:.

This process will rename the C: drive to I:, and the I: drive to C:.

It seems that when Windows was installed, "I" was selected as the installation drive letter, and OTLPE can't handle these changes.

After you do these changes, run OTLPE as previously instructed. Post the Log.txt.

Edited by JSntgRvr, 23 May 2010 - 06:46 PM.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!

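The flood of "File not found" entries in the log above is what JSntgRvr attributes to the drive-letter mismatch rather than to the infection. As an added triage example (not part of this thread and not OTL's own code), the Python script below counts "File not found" hits per drive letter, flags a letter where nearly every referenced file is missing as a likely mismatch, and lists only the entries a mismatch cannot explain for manual review. The sample log lines are constructed from the format used in this thread; the 90% threshold and the five-reference minimum are assumptions.

```python
"""Triage helper for OTL/OTLPE log lines.

Added example, not part of the thread or of OTL itself. OTLPE reports the
paths it reads from the offline registry using the drive letter Windows was
given at setup (I: in this thread). If the rescue environment has mounted
that partition under another letter, every system file on I: is reported as
"File not found", which looks like wholesale tampering but is only a
drive-letter mismatch. This script separates the two cases: it counts
"File not found" hits per drive letter, flags a letter where nearly every
referenced file is missing as a likely mismatch, and lists only the entries
the mismatch cannot explain (missing files on a drive that otherwise
resolves, and entries with no path at all) for manual review.
"""
import re
from collections import Counter

# First path-like token on a line, e.g. I:\WINDOWS\System32\urlmon.dll.
DRIVE_PATH = re.compile(r'\b([A-Z]):\\[^\s"()]*')


def parse(log_text):
    """Yield one record per line that names a path or carries a 'File not found' verdict."""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DRIVE_PATH.search(line)
        drive = match.group(1) if match else None
        not_found = "File not found" in line
        if drive is None and not not_found:
            continue  # e.g. "No CLSID value found": nothing to resolve
        yield {"raw": line, "drive": drive, "not_found": not_found}


def triage(log_text, threshold=0.9, min_refs=5):
    """Summarise path resolution per drive letter.

    A drive letter is reported as a suspected mismatch when it is referenced
    at least `min_refs` times and at least `threshold` of those references
    are "File not found" (both cut-offs are assumptions, not OTL behaviour).
    Every "File not found" entry that is not on a suspected letter goes into
    the review list, because a letter mismatch cannot account for it.
    """
    entries = list(parse(log_text))
    found, missing = Counter(), Counter()
    for entry in entries:
        if entry["drive"] is not None:
            (missing if entry["not_found"] else found)[entry["drive"]] += 1
    suspects = sorted(
        drive
        for drive in set(found) | set(missing)
        if found[drive] + missing[drive] >= min_refs
        and missing[drive] / (found[drive] + missing[drive]) >= threshold
    )
    review = [e["raw"] for e in entries if e["not_found"] and e["drive"] not in suspects]
    return {
        "found": dict(found),
        "missing": dict(missing),
        "mismatch_suspected": suspects,
        "review": review,
    }


# Constructed sample modelled on the first log in this thread (before the
# drive letters were swapped): every I: path is missing.
MISMATCH_LOG = r"""
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\System32\mswsock.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\System32\stobject.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\System32\browseui.dll File not found
O31 - SafeBoot: AlternateShell - cmd.exe
DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
SRV - [2004/08/10 07:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
"""

# Constructed sample modelled on the second log (after the swap): I: now
# resolves, so the remaining misses are the ones worth a human's attention.
RESOLVED_LOG = r"""
DRV - [2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/04 02:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2009/06/22 07:35:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\System32\userinit.exe File not found
DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
"""


if __name__ == "__main__":
    for name, log in (("before swap", MISMATCH_LOG), ("after swap", RESOLVED_LOG)):
        result = triage(log)
        print(f"[{name}] found={result['found']} missing={result['missing']}")
        print(f"  drive-letter mismatch suspected for: {result['mismatch_suspected'] or 'none'}")
        for line in result["review"]:
            print("  review:", line)
```

Run it against a full OTL.Txt by passing the file's contents to `triage()`; a non-empty `mismatch_suspected` list is the cue to fix the drive letters and rescan before reading anything into the missing files.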

#7 zomgsupersack
    Topic Starter

Posted 23 May 2010 - 06:59 PM

I got to the part where I changed I: to J: and C: to I:, but then when I tried changing J: to C:, there was no selection for C:. Only A, and then the rest of the letters after J. Should I change it to A or some other letter?

EDIT: I didn't finish the last step, but I still scanned it using the program and it gave me a log file significantly different than my previous one. Hope this is what you were looking for.

OTL logfile created on: 5/23/2010 6:38:54 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive C: | 232.82 Gb Total Space | 165.45 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.82 Gb Total Space | 165.45 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 0.95 Gb Free Space | 50.71% Space Free | Partition Type: FAT
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/06/09 21:25:00 | 003,046,748 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- I:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/08/10 07:00:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 07:35:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/30 14:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\iaStor.sys -- (iastor)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/06/05 06:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/03/20 19:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/20 21:52:55 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/05/12 21:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/12/13 17:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/12 20:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/10 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/10 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/10 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/10 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/10 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/10 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/10 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/10 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/10 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/10 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/10 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/10 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/10 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/10 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/10 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/10 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/10 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/10 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/10 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/10 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/10 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/10 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/10 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/10 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/10 07:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/10 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/10 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/10 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/10 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/10 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/10 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/10 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/10 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/10 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/10 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/10 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/10 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/10 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/10 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- I:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] () [Kernel | System] -- I:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- I:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/10 06:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/04 04:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 02:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\USBSTOR.SYS -- (usbstor)
DRV - [2004/08/04 02:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 02:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 02:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 01:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 18:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- I:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 16:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 09:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Andrew-Gregory_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Andrew-Gregory_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..keyword.URL: "http://www.google.com/webhp?ie=UTF-8&oe=UTF-8"


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: I:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/14 17:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/05/16 23:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/05/16 23:29:40 | 000,000,000 | ---D | M]

[2009/06/14 18:46:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Extensions
[2009/06/14 18:46:58 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/21 02:41:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions
[2010/05/04 02:02:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/30 01:54:29 | 000,000,000 | ---D | M] (Gmail Manager) -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/05/04 02:02:46 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/02/10 23:15:46 | 000,000,000 | ---D | M] (Answers) -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/11 23:21:21 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\extensions\smartbookmarksbar@remy.juteau
[2009/07/08 03:28:17 | 000,001,421 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\searchplugins\ninjawords.xml
[2010/02/04 05:43:06 | 000,000,918 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\searchplugins\thesauruscom.xml
[2009/06/22 05:49:15 | 000,002,006 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\searchplugins\urban-dictionary.xml
[2009/06/18 05:38:53 | 000,000,945 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Application Data\Mozilla\Firefox\Profiles\lbr8cf85.default\searchplugins\youtube-video-search.xml
[2010/05/21 02:41:02 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/05/05 23:13:45 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/06 16:01:15 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 20:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/12/06 16:01:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- I:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 15:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- I:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] I:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] I:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SNM] I:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Aim] I:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Google Update] I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Andrew-Gregory_ON_C..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Andrew-Gregory_ON_C..\Run: [Steam] i:\program files\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\Andrew-Gregory_ON_C..\RunOnce: [] I:\WINDOWS\System32\osk.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andrew-Gregory_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - I:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - I:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - I:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - I:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - I:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - I:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - I:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - I:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - I:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - I:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - I:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell - "" = AutoRun
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 01:13:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Malwarebytes
[2010/05/22 01:13:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 01:13:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 01:13:04 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware
[2010/05/21 22:44:48 | 000,000,000 | ---D | C] -- I:\Config.Msi
[2010/05/21 22:34:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 21:42:54 | 000,000,000 | ---D | C] -- I:\GamepotUSA
[2010/05/21 21:11:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\PMB Files
[2010/05/21 21:10:53 | 000,000,000 | ---D | C] -- I:\Program Files\Pando Networks
[2010/05/21 02:32:26 | 038,808,920 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Andrew-Gregory\Desktop\FileFormatConverters.exe
[2010/05/20 09:12:48 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Office
[2010/05/20 09:12:32 | 000,000,000 | ---D | C] -- I:\Program Files\MSECache
[2010/05/15 21:24:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2010/05/08 23:34:49 | 000,000,000 | ---D | C] -- I:\Program Files\mektek.net
[2010/04/25 14:04:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_10.dll
[2010/04/25 14:04:13 | 003,734,536 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_36.dll
[2010/04/25 14:04:13 | 001,374,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_36.dll
[2010/04/25 14:04:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_36.dll
[2010/04/25 14:04:12 | 003,727,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_35.dll
[2010/04/25 14:04:12 | 001,358,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_35.dll
[2010/04/25 14:04:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_35.dll
[2010/04/25 14:04:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_9.dll
[2010/04/25 14:04:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_34.dll
[2010/04/25 14:04:11 | 001,124,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_34.dll
[2010/04/25 14:04:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_34.dll
[2010/04/25 14:04:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_8.dll
[2010/04/25 14:04:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\X3DAudio1_2.dll
[2010/04/25 14:04:10 | 000,261,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_7.dll
[2010/04/25 14:04:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_6.dll
[2010/04/25 14:04:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_32.dll
[2010/04/25 14:04:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_5.dll
[2010/04/25 14:04:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_4.dll
[2010/04/25 14:04:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/25 14:04:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_31.dll
[2010/04/25 14:04:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_3.dll
[2010/04/25 14:04:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_2.dll
[2010/04/25 14:04:00 | 000,230,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_2.dll
[2010/04/25 14:03:59 | 000,229,584 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_1.dll
[2010/04/25 14:03:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_1.dll
[2010/04/25 14:03:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_29.dll
[2010/04/25 14:03:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_0.dll
[2010/04/25 14:03:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/25 14:03:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_28.dll
[2010/04/25 14:03:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_27.dll
[2010/04/25 14:03:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_26.dll
[2010/04/25 14:03:50 | 000,061,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/25 14:03:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_25.dll
[2010/04/25 14:03:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_24.dll
[2010/04/24 00:19:56 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\My Documents\My Games
[2010/04/24 00:18:05 | 001,123,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_33.dll
[2010/04/24 00:18:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_33.dll
[2010/04/24 00:18:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_33.dll
[2010/04/24 00:18:00 | 002,388,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_30.dll
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 18:40:39 | 003,407,872 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/23 06:28:01 | 000,229,376 | ---- | M] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 06:27:59 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/05/23 06:27:58 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2010/05/23 03:29:59 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/05/22 01:10:05 | 003,184,656 | -H-- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\IconCache.db
[2010/05/21 22:46:52 | 000,421,120 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 22:35:51 | 000,128,720 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 22:14:00 | 000,000,902 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 21:45:01 | 000,001,014 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003UA.job
[2010/05/21 20:26:59 | 000,271,490 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010/05/21 20:26:58 | 000,000,898 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/21 20:26:53 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/05/21 09:07:47 | 000,015,872 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Heart of Darkness scaffold.doc
[2010/05/21 07:45:00 | 000,000,962 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003Core.job
[2010/05/21 02:33:11 | 000,233,472 | ---- | M] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/05/21 02:32:49 | 038,808,920 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Andrew-Gregory\Desktop\FileFormatConverters.exe
[2010/05/08 17:50:50 | 000,026,624 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 23:10:04 | 001,310,208 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #16 Worksheets.doc
[2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 18:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 18:46:47 | 000,002,351 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\Google Chrome.lnk
[2010/04/25 20:14:40 | 001,248,768 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #15 Worksheets.doc
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 14:55:58 | 000,008,192 | -H-- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/21 09:07:45 | 000,015,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Heart of Darkness scaffold.doc
[2010/05/21 02:33:11 | 003,407,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/21 02:33:11 | 000,233,472 | ---- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/05/21 02:31:31 | 000,012,410 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\heartofdarkness.docx
[2010/05/20 02:14:25 | 000,010,240 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\heart of darkness scaffold.wps
[2010/05/05 23:10:01 | 001,310,208 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #16 Worksheets.doc
[2010/04/25 20:14:37 | 001,248,768 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #15 Worksheets.doc
[2010/02/14 02:50:46 | 000,000,262 | ---- | C] () -- I:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/25 16:07:10 | 000,274,432 | ---- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/09/19 00:30:57 | 000,001,152 | ---- | C] () -- I:\WINDOWS\System32\windrv.sys
[2009/06/17 04:42:10 | 000,026,624 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 18:33:53 | 000,876,544 | ---- | C] () -- I:\WINDOWS\System32\TEACico2.dll
[2009/06/14 16:31:26 | 000,000,137 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\fusioncache.dat
[2009/06/14 16:28:22 | 000,000,178 | -HS- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2009/06/14 16:28:21 | 000,094,208 | -H-- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat.LOG
[2009/06/14 16:27:18 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\LocalService\ntuser.ini
[2009/06/14 16:27:17 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,229,376 | ---- | C] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/06/14 16:27:04 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[2004/08/10 07:00:00 | 000,004,224 | ---- | C] () -- I:\WINDOWS\System32\drivers\rdpcdd.sys
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/06/14 18:46:01 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\acccore
[2009/09/01 02:18:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Aim
[2010/04/18 21:16:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Braid
[2009/10/25 03:11:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GameRanger
[2009/09/19 00:30:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GetRightToGo
[2010/01/24 18:11:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/06 16:02:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\OpenOffice.org
[2009/09/01 02:30:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Trillian
[2010/05/15 21:24:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2009/07/05 21:22:17 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- I:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- I:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- I:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- I:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- I:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/10 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- I:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- I:\WINDOWS\dell\iastor\iastor.sys
[2006/05/11 12:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- I:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\iaStor.sys
[2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- I:\DELL\drivers\R158601\iastor.sys
[2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- I:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- I:\WINDOWS\system32\drivers\iaStor.sys
[2007/03/21 15:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- I:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- I:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- I:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- I:\WINDOWS\system32\netlogon.dll
[2004/08/10 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- I:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:ntoskrnl.exe
[2009/12/09 03:52:36 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=05BE3D9A71972223AFF6A3C823BA51B1 -- I:\WINDOWS\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[2008/04/13 15:27:53 | 002,188,928 | ---- | M] (Microsoft Corporation) MD5=0C89243C7C3EE199B96FCC16990E0679 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[2009/02/06 06:29:47 | 002,142,720 | ---- | M] (Microsoft Corporation) MD5=19A791C5DFE59AA9BB1461C4957004F6 -- I:\WINDOWS\$NtUninstallKB971486$\ntoskrnl.exe
[2005/03/01 21:04:22 | 002,179,456 | ---- | M] (Microsoft Corporation) MD5=28187802B7C368C0D3AEF7D4C382AABB -- I:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[2010/02/16 13:35:40 | 002,143,744 | ---- | M] (Microsoft Corporation) MD5=4F1BBAF9BA10B29022FB3F5FAC32D022 -- I:\WINDOWS\system32\ntoskrnl.exe
[2009/12/08 15:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=78EC47F9B9A3A1D539262D8834C896CE -- I:\WINDOWS\$hf_mig$\KB977165\SP3GDR\ntoskrnl.exe
[2009/02/06 07:08:19 | 002,189,056 | ---- | M] (Microsoft Corporation) MD5=7A95B10A73737EBF24139AAA63F5212B -- I:\WINDOWS\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[2009/08/04 23:44:46 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=8415D9C7C050E7022AED8ABF281BE4A6 -- I:\WINDOWS\$hf_mig$\KB971486\SP3GDR\ntoskrnl.exe
[2010/02/16 13:37:57 | 002,186,880 | ---- | M] (Microsoft Corporation) MD5=97E2BF68857818A4D142B872404DC41B -- I:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2010/02/16 13:37:57 | 002,186,880 | ---- | M] (Microsoft Corporation) MD5=97E2BF68857818A4D142B872404DC41B -- I:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2009/12/08 14:11:44 | 002,142,720 | ---- | M] (Microsoft Corporation) MD5=A753994B8DE37FA767149DE6704E4886 -- I:\WINDOWS\$NtUninstallKB979683$\ntoskrnl.exe
[2009/08/04 08:49:00 | 002,142,720 | ---- | M] (Microsoft Corporation) MD5=C0900759CBDA8FBACC2470EF0E8EB31B -- I:\WINDOWS\$NtUninstallKB977165$\ntoskrnl.exe
[2010/02/17 12:10:28 | 002,189,952 | ---- | M] (Microsoft Corporation) MD5=D41C3CBAD0E1C0728D1CDFD541F60CFA -- I:\WINDOWS\$hf_mig$\KB979683\SP3GDR\ntoskrnl.exe
[2005/03/29 21:21:23 | 002,135,552 | ---- | M] (Microsoft Corporation) MD5=D5B44CEB743886F36222928CE2536C44 -- I:\WINDOWS\$NtUninstallKB956572$\ntoskrnl.exe
[2010/02/16 08:52:12 | 002,190,080 | ---- | M] (Microsoft Corporation) MD5=E1F653A542449D54FA2D27463D99B6B6 -- I:\WINDOWS\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[2009/02/07 22:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- I:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2009/08/04 09:56:10 | 002,189,312 | ---- | M] (Microsoft Corporation) MD5=FDE779EA1A564EBFE16F4E0F82B61BAD -- I:\WINDOWS\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

< MD5 for: NVATABUS.SYS >
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- I:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- I:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- I:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- I:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- I:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- I:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe

< %SYSTEMDRIVE%\*.* >
[2009/06/14 16:20:23 | 000,000,208 | -HS- | M] () -- I:\boot.ini
[2006/03/31 23:54:00 | 004,866,615 | ---- | M] () -- I:\data1.cab
[2006/03/31 23:54:00 | 000,029,080 | ---- | M] () -- I:\data1.hdr
[2006/03/31 23:54:00 | 000,000,512 | ---- | M] () -- I:\data2.cab
[2006/03/31 23:54:00 | 000,459,544 | ---- | M] () -- I:\engine32.cab
[2010/03/25 08:56:01 | 000,001,097 | -H-- | M] () -- I:\IPH.PH
[2006/03/31 23:54:00 | 000,216,131 | ---- | M] () -- I:\keystone.ex_
[2006/03/31 23:54:00 | 000,000,510 | ---- | M] () -- I:\layout.bin
[2006/03/31 23:54:00 | 000,003,679 | ---- | M] () -- I:\modes.txt
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2004/08/10 07:00:00 | 000,250,032 | RHS- | M] () -- I:\ntldr
[2006/03/31 23:54:00 | 002,222,362 | ---- | M] () -- I:\nv4_disp.dl_
[2006/03/31 23:54:00 | 001,974,197 | ---- | M] () -- I:\nv4_mini.sy_
[2006/03/31 23:54:00 | 000,046,477 | ---- | M] () -- I:\nvapi.dl_
[2006/03/31 23:54:00 | 000,011,530 | ---- | M] () -- I:\NvApps.xm_
[2006/03/31 23:54:00 | 000,023,560 | ---- | M] () -- I:\nvcod.dl_
[2006/03/31 23:54:00 | 000,161,823 | ---- | M] () -- I:\NVCPDA.HL_
[2006/03/31 23:54:00 | 000,170,522 | ---- | M] () -- I:\NVCPDE.HL_
[2006/03/31 23:54:00 | 000,162,460 | ---- | M] () -- I:\NVCPES.HL_
[2006/03/31 23:54:00 | 000,165,790 | ---- | M] () -- I:\NVCPFI.HL_
[2006/03/31 23:54:00 | 000,163,306 | ---- | M] () -- I:\NVCPFR.HL_
[2006/03/31 23:54:00 | 000,154,236 | ---- | M] () -- I:\NVCPIT.HL_
[2006/03/31 23:54:00 | 000,157,341 | ---- | M] () -- I:\NVCPJA.HL_
[2006/03/31 23:54:00 | 000,140,903 | ---- | M] () -- I:\NVCPKO.HL_
[2006/03/31 23:54:00 | 005,046,764 | ---- | M] () -- I:\NvCpl.dl_
[2006/03/31 23:54:00 | 000,149,403 | ---- | M] () -- I:\NVCPL.HL_
[2006/03/31 23:54:00 | 000,157,304 | ---- | M] () -- I:\NVCPNL.HL_
[2006/03/31 23:54:00 | 000,155,762 | ---- | M] () -- I:\NVCPNO.HL_
[2006/03/31 23:54:00 | 000,163,556 | ---- | M] () -- I:\NVCPPTB.HL_
[2006/03/31 23:54:00 | 000,164,429 | ---- | M] () -- I:\NVCPSV.HL_
[2006/03/31 23:54:00 | 000,149,486 | ---- | M] () -- I:\NVCPZHC.HL_
[2006/03/31 23:54:00 | 000,149,608 | ---- | M] () -- I:\NVCPZHT.HL_
[2006/04/10 09:31:04 | 000,017,248 | ---- | M] () -- I:\nvdd.cat
[2006/03/31 23:54:00 | 000,019,422 | ---- | M] () -- I:\NVDD.INF
[2006/03/31 23:54:00 | 000,016,960 | ---- | M] () -- I:\NVDisp.nvu
[2006/03/31 23:54:00 | 000,164,092 | ---- | M] () -- I:\nvmccs.dl_
[2006/03/31 23:54:00 | 000,009,111 | ---- | M] () -- I:\nvmccsrs.dl_
[2006/03/31 23:54:00 | 000,044,068 | ---- | M] () -- I:\NvMCTray.dl_
[2006/03/31 23:54:00 | 002,730,019 | ---- | M] () -- I:\nvoglnt.dl_
[2006/03/31 23:54:00 | 000,075,154 | ---- | M] () -- I:\NVRSDA.dl_
[2006/03/31 23:54:00 | 000,082,032 | ---- | M] () -- I:\NVRSDE.dl_
[2006/03/31 23:54:00 | 000,080,154 | ---- | M] () -- I:\NVRSES.dl_
[2006/03/31 23:54:00 | 000,074,257 | ---- | M] () -- I:\NVRSFI.dl_
[2006/03/31 23:54:00 | 000,081,075 | ---- | M] () -- I:\NVRSFR.dl_
[2006/03/31 23:54:00 | 000,079,392 | ---- | M] () -- I:\NVRSIT.dl_
[2006/03/31 23:54:00 | 000,099,658 | ---- | M] () -- I:\NVRSJA.dl_
[2006/03/31 23:54:00 | 000,097,817 | ---- | M] () -- I:\NVRSKO.dl_
[2006/03/31 23:54:00 | 000,079,445 | ---- | M] () -- I:\NVRSNL.dl_
[2006/03/31 23:54:00 | 000,074,371 | ---- | M] () -- I:\NVRSNO.dl_
[2006/03/31 23:54:00 | 000,077,931 | ---- | M] () -- I:\NVRSPTB.dl_
[2006/03/31 23:54:00 | 000,074,601 | ---- | M] () -- I:\NVRSSV.dl_
[2006/03/31 23:54:00 | 000,091,990 | ---- | M] () -- I:\NVRSZHC.dl_
[2006/03/31 23:54:00 | 000,056,228 | ---- | M] () -- I:\NVRSZHT.dl_
[2006/03/31 23:54:00 | 000,081,065 | ---- | M] () -- I:\nvsvc32.ex_
[2006/03/31 23:54:00 | 000,180,224 | ---- | M] (NVIDIA Corporation) -- I:\nvudisp.exe
[2006/03/31 23:54:00 | 000,040,978 | ---- | M] () -- I:\nvwcpda.hl_
[2006/03/31 23:54:00 | 000,043,454 | ---- | M] () -- I:\nvwcpde.hl_
[2006/03/31 23:54:00 | 000,039,558 | ---- | M] () -- I:\nvwcpes.hl_
[2006/03/31 23:54:00 | 000,042,444 | ---- | M] () -- I:\nvwcpfi.hl_
[2006/03/31 23:54:00 | 000,042,139 | ---- | M] () -- I:\nvwcpfr.hl_
[2006/03/31 23:54:00 | 000,039,750 | ---- | M] () -- I:\nvwcpit.hl_
[2006/03/31 23:54:00 | 000,039,572 | ---- | M] () -- I:\nvwcpja.hl_
[2006/03/31 23:54:00 | 000,040,980 | ---- | M] () -- I:\nvwcpko.hl_
[2006/03/31 23:54:00 | 000,040,704 | ---- | M] () -- I:\nvwcpnl.hl_
[2006/03/31 23:54:00 | 000,039,708 | ---- | M] () -- I:\nvwcpno.hl_
[2006/03/31 23:54:00 | 000,041,415 | ---- | M] () -- I:\nvwcpptb.hl_
[2006/03/31 23:54:00 | 000,042,172 | ---- | M] () -- I:\nvwcpsv.hl_
[2006/03/31 23:54:00 | 000,033,585 | ---- | M] () -- I:\nvwcpzhc.hl_
[2006/03/31 23:54:00 | 000,032,242 | ---- | M] () -- I:\nvwcpzht.hl_
[2006/03/31 23:54:00 | 000,048,464 | ---- | M] () -- I:\nvwddi.dl_
[2006/03/31 23:54:00 | 000,085,245 | ---- | M] () -- I:\nvwrsda.dl_
[2006/03/31 23:54:00 | 000,090,089 | ---- | M] () -- I:\nvwrsde.dl_
[2006/03/31 23:54:00 | 000,092,517 | ---- | M] () -- I:\nvwrses.dl_
[2006/03/31 23:54:00 | 000,087,449 | ---- | M] () -- I:\nvwrsfi.dl_
[2006/03/31 23:54:00 | 000,090,969 | ---- | M] () -- I:\nvwrsfr.dl_
[2006/03/31 23:54:00 | 000,089,560 | ---- | M] () -- I:\nvwrsit.dl_
[2006/03/31 23:54:00 | 000,073,244 | ---- | M] () -- I:\nvwrsja.dl_
[2006/03/31 23:54:00 | 000,069,680 | ---- | M] () -- I:\nvwrsko.dl_
[2006/03/31 23:54:00 | 000,090,361 | ---- | M] () -- I:\nvwrsnl.dl_
[2006/03/31 23:54:00 | 000,085,083 | ---- | M] () -- I:\nvwrsno.dl_
[2006/03/31 23:54:00 | 000,089,506 | ---- | M] () -- I:\nvwrsptb.dl_
[2006/03/31 23:54:00 | 000,085,068 | ---- | M] () -- I:\nvwrssv.dl_
[2006/03/31 23:54:00 | 000,065,188 | ---- | M] () -- I:\nvwrszhc.dl_
[2006/03/31 23:54:00 | 000,066,220 | ---- | M] () -- I:\nvwrszht.dl_
[2010/05/23 03:29:47 | 2145,386,496 | -HS- | M] () -- I:\pagefile.sys
[2006/03/31 23:54:00 | 000,003,638 | ---- | M] () -- I:\README.TXT
[2006/03/31 23:54:00 | 000,176,760 | ---- | M] () -- I:\setup.bmp
[2006/03/31 23:54:00 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- I:\setup.exe
[2006/03/31 23:54:00 | 000,435,969 | ---- | M] () -- I:\setup.ibt
[2006/03/31 23:54:00 | 000,000,862 | ---- | M] () -- I:\setup.ini
[2006/03/31 23:54:00 | 000,235,079 | ---- | M] () -- I:\setup.inx
[2006/03/31 23:54:00 | 000,000,431 | ---- | M] () -- I:\setup.iss
[2006/03/31 23:54:00 | 000,068,593 | ---- | M] () -- I:\setup.skin

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/06/14 08:49:13 | 000,094,208 | ---- | M] () -- I:\WINDOWS\system32\config\default.sav
[2009/06/14 08:49:13 | 000,659,456 | ---- | M] () -- I:\WINDOWS\system32\config\software.sav
[2009/06/14 08:49:13 | 000,909,312 | ---- | M] () -- I:\WINDOWS\system32\config\system.sav
< End of report >

Edited by zomgsupersack, 23 May 2010 - 07:48 PM.


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:56 PM

Posted 23 May 2010 - 09:22 PM

You will need to go through this process every time you boot to the Reatogo desktop in order for OTLPE to work.

QUOTE
After booting to the Reatogo Desktop, click on the Start menu, then right-click on My Computer. Select Manage, then Disk Management. Right-click on the I: drive and change the drive letter to J:. Then right-click on the C: drive and change the drive letter to I:.


There seems to be a file patched.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      rdpcdd.sys
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, another OTL.txt file will be produced.
  • Copy this file to your USB drive.
  • Please post the contents of the OTL.txt file in your next reply.

Edited by JSntgRvr, 23 May 2010 - 09:27 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
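The custom scan above asks OTLPE to print the MD5 of every copy of rdpcdd.sys it can find, so the live driver can be compared with the copy Windows File Protection keeps in dllcache. The script below is an added example, not part of OTL and not something either poster wrote; it automates that comparison over OTL's own output format. It parses the "< MD5 for: NAME >" blocks and the plain file-list lines already shown in this thread, flags a live System32 file whose hash disagrees with its dllcache or Driver Cache copy, and lists System32 drivers and DLLs that report no company name, which is the cue that made rdpcdd.sys stand out in the "Files Created - No Company Name" list. The atapi.sys and rdpcdd.sys sample lines are copied from the log above; EXAMPLE.SYS, its paths and its hashes are constructed to show what a mismatch looks like, and the list of backup folders treated as "not the live copy" is my own choice.

```python
"""Added example: cross-check driver copies in an OTL report the way a /md5start scan is read by hand.
Flags (1) a live system32 file whose MD5 matches none of its dllcache / Driver Cache copies and
(2) system32 .sys/.dll files listed with no company name. EXAMPLE.SYS below is constructed."""
import re
from collections import defaultdict
from typing import List, NamedTuple, Tuple

_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL record: [stamp | size | attrs | flag] (company) [MD5=...] -- path
_ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32})\s*)?--\s*(?P<path>\S.*)$"
)
_CACHE_DIRS = ("\\dllcache\\", "\\driver cache\\")   # Windows File Protection copies
# Assumption: these folders hold backups/updates, never the copy the kernel actually loads.
_NOT_LIVE = _CACHE_DIRS + ("softwaredistribution", "reinstallbackups", "$ntuninstall", "$hf_mig$")


class Entry(NamedTuple):
    name: str      # lower-case file name, from the MD5 block header or the path
    stamp: str     # timestamp exactly as OTL printed it
    size: int
    company: str   # "" when OTL printed "()"
    md5: str       # "" for file-list lines, which carry no hash
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Parse MD5 blocks and file-list lines; .cab entries carry no hash and are skipped."""
    entries, current = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            current = ""                 # blank line or section banner ends an MD5 block
            continue
        head = _HEADER.match(line)
        if head:
            current = head.group("name").lower()
            continue
        m = _ENTRY.match(line)
        if not m:
            continue
        path = m.group("path")
        entries.append(Entry(
            name=current or path.rsplit("\\", 1)[-1].lower(),
            stamp=m.group("stamp").strip(),
            size=int(m.group("size").replace(",", "")),
            company=m.group("company").strip(),
            md5=(m.group("md5") or "").upper(),
            path=path,
        ))
    return entries


def _is_cache_copy(path: str) -> bool:
    return any(d in path.lower() for d in _CACHE_DIRS)


def _is_live_copy(path: str) -> bool:
    p = path.lower()
    return "\\system32\\" in p and not any(d in p for d in _NOT_LIVE)


def suspicious_hashes(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Live system32 files whose MD5 matches none of the cache copies of the same name."""
    by_name = defaultdict(list)
    for e in entries:
        if e.md5:
            by_name[e.name].append(e)
    findings = []
    for group in by_name.values():
        cache = [e for e in group if _is_cache_copy(e.path)]
        if not cache:
            continue                     # nothing trustworthy to compare against
        for live in (e for e in group if _is_live_copy(e.path)):
            if live.md5 in {c.md5 for c in cache}:
                continue
            why = "hash differs from cache copy"
            if any(c.size == live.size and c.stamp == live.stamp for c in cache):
                # Same size and timestamp but different bytes is what "patched" means here.
                why += " while size and timestamp match"
            findings.append((live.path, why))
    return findings


def no_company_system_binaries(entries: List[Entry]) -> List[str]:
    """system32 drivers/DLLs from a file list whose version info carries no company name."""
    return [e.path for e in entries
            if not e.md5 and not e.company and _is_live_copy(e.path)
            and e.path.lower().endswith((".sys", ".dll"))]


# Constructed sample: atapi.sys and rdpcdd.sys lines copied from the thread, EXAMPLE.SYS made up.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- I:\WINDOWS\system32\dllcache\example.sys
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- I:\WINDOWS\system32\drivers\example.sys

========== Files Created - No Company Name ==========

[2004/08/10 07:00:00 | 000,004,224 | ---- | C] () -- I:\WINDOWS\System32\drivers\rdpcdd.sys
[2010/05/21 09:07:45 | 000,015,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Heart of Darkness scaffold.doc
"""

if __name__ == "__main__":
    recs = parse_otl(SAMPLE_LOG)
    for path, why in suspicious_hashes(recs):
        print(f"CHECK {path}: {why}")
    for path in no_company_system_binaries(recs):
        print(f"CHECK {path}: no company name")
```

Two caveats that the thread's own approach already accounts for. A hash that differs from the cache copy is a lead, not a verdict, and when no dllcache or Driver Cache copy exists the script stays silent rather than guessing. And the comparison only means something because OTLPE reads the disk from the Reatogo CD: a kernel-mode infection on the running system can hand clean bytes to any scanner that asks through the infected kernel, so the files have to be hashed while that Windows is not booted.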


#9 zomgsupersack

zomgsupersack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 23 May 2010 - 10:51 PM

Here is the file. Hopefully, I did it right.

OTL logfile created on: 5/23/2010 10:41:51 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.82 Gb Total Space | 165.45 Gb Free Space | 71.06% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 0.95 Gb Free Space | 50.70% Space Free | Partition Type: FAT
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/06/09 21:25:00 | 003,046,748 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- I:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 07:35:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/30 14:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\iaStor.sys -- (iastor)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/06/05 06:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/03/20 19:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/20 21:52:55 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/05/12 21:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/12/13 17:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/12 20:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/10 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/10 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/10 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/10 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/10 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/10 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/10 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/10 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/10 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/10 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/10 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/10 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/10 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/10 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/10 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/10 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/10 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/10 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/10 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/10 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/10 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/10 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/10 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/10 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/10 07:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/10 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/10 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/10 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/10 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/10 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/10 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/10 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/10 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/10 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/10 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/10 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/10 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/10 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/10 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- I:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] () [Kernel | System] -- I:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- I:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/10 06:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/04 04:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 02:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\USBSTOR.SYS -- (usbstor)
DRV - [2004/08/04 02:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 02:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 02:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 01:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 18:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- I:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 16:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 09:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Andrew-Gregory_ON_I\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: I:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/14 17:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/05/16 23:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/05/16 23:29:40 | 000,000,000 | ---D | M]

[2010/05/21 02:41:02 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/05/05 23:13:45 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/06 16:01:15 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 20:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/12/06 16:01:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- I:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 15:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- I:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] I:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] I:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SNM] I:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Aim] I:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Google Update] I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Steam] i:\program files\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\Andrew-Gregory_ON_I..\RunOnce: [] I:\WINDOWS\System32\osk.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andrew-Gregory_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - I:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - I:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - I:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - I:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - I:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - I:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - I:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - I:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - I:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - I:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - I:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell - "" = AutoRun
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 01:13:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Malwarebytes
[2010/05/22 01:13:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 01:13:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 01:13:04 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware
[2010/05/21 22:44:48 | 000,000,000 | ---D | C] -- I:\Config.Msi
[2010/05/21 22:34:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 21:42:54 | 000,000,000 | ---D | C] -- I:\GamepotUSA
[2010/05/21 21:11:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\PMB Files
[2010/05/21 21:10:53 | 000,000,000 | ---D | C] -- I:\Program Files\Pando Networks
[2010/05/20 09:12:48 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Office
[2010/05/20 09:12:32 | 000,000,000 | ---D | C] -- I:\Program Files\MSECache
[2010/05/15 21:24:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2010/05/08 23:34:49 | 000,000,000 | ---D | C] -- I:\Program Files\mektek.net
[2010/04/25 14:04:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_10.dll
[2010/04/25 14:04:13 | 003,734,536 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_36.dll
[2010/04/25 14:04:13 | 001,374,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_36.dll
[2010/04/25 14:04:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_36.dll
[2010/04/25 14:04:12 | 003,727,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_35.dll
[2010/04/25 14:04:12 | 001,358,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_35.dll
[2010/04/25 14:04:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_35.dll
[2010/04/25 14:04:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_9.dll
[2010/04/25 14:04:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_34.dll
[2010/04/25 14:04:11 | 001,124,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_34.dll
[2010/04/25 14:04:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_34.dll
[2010/04/25 14:04:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_8.dll
[2010/04/25 14:04:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\X3DAudio1_2.dll
[2010/04/25 14:04:10 | 000,261,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_7.dll
[2010/04/25 14:04:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_6.dll
[2010/04/25 14:04:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_32.dll
[2010/04/25 14:04:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_5.dll
[2010/04/25 14:04:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_4.dll
[2010/04/25 14:04:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/25 14:04:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_31.dll
[2010/04/25 14:04:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_3.dll
[2010/04/25 14:04:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_2.dll
[2010/04/25 14:04:00 | 000,230,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_2.dll
[2010/04/25 14:03:59 | 000,229,584 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_1.dll
[2010/04/25 14:03:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_1.dll
[2010/04/25 14:03:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_29.dll
[2010/04/25 14:03:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_0.dll
[2010/04/25 14:03:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/25 14:03:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_28.dll
[2010/04/25 14:03:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_27.dll
[2010/04/25 14:03:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_26.dll
[2010/04/25 14:03:50 | 000,061,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/25 14:03:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_25.dll
[2010/04/25 14:03:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_24.dll
[2010/04/24 00:18:05 | 001,123,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_33.dll
[2010/04/24 00:18:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_33.dll
[2010/04/24 00:18:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_33.dll
[2010/04/24 00:18:00 | 002,388,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_30.dll
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 21:31:34 | 003,407,872 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/23 06:28:01 | 000,229,376 | ---- | M] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 06:27:59 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/05/23 06:27:58 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2010/05/23 03:29:59 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/05/22 01:10:05 | 003,184,656 | -H-- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\IconCache.db
[2010/05/21 22:46:52 | 000,421,120 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 22:35:51 | 000,128,720 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 22:14:00 | 000,000,902 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 21:45:01 | 000,001,014 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003UA.job
[2010/05/21 20:26:59 | 000,271,490 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010/05/21 20:26:58 | 000,000,898 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/21 20:26:53 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/05/21 07:45:00 | 000,000,962 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003Core.job
[2010/05/21 02:33:11 | 000,233,472 | ---- | M] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/05/08 17:50:50 | 000,026,624 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 18:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 14:55:58 | 000,008,192 | -H-- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/21 02:33:11 | 003,407,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/21 02:33:11 | 000,233,472 | ---- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/02/14 02:50:46 | 000,000,262 | ---- | C] () -- I:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/25 16:07:10 | 000,274,432 | ---- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/09/19 00:30:57 | 000,001,152 | ---- | C] () -- I:\WINDOWS\System32\windrv.sys
[2009/06/17 04:42:10 | 000,026,624 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 18:33:53 | 000,876,544 | ---- | C] () -- I:\WINDOWS\System32\TEACico2.dll
[2009/06/14 16:31:26 | 000,000,137 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\fusioncache.dat
[2009/06/14 16:28:22 | 000,000,178 | -HS- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2009/06/14 16:28:21 | 000,028,672 | -H-- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat.LOG
[2009/06/14 16:27:18 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\LocalService\ntuser.ini
[2009/06/14 16:27:17 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,229,376 | ---- | C] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/06/14 16:27:04 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[2004/08/10 07:00:00 | 000,004,224 | ---- | C] () -- I:\WINDOWS\System32\drivers\rdpcdd.sys
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/06/14 18:46:01 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\acccore
[2009/09/01 02:18:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Aim
[2010/04/18 21:16:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Braid
[2009/10/25 03:11:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GameRanger
[2009/09/19 00:30:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GetRightToGo
[2010/01/24 18:11:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/06 16:02:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\OpenOffice.org
[2009/09/01 02:30:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Trillian
[2010/05/15 21:24:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2009/07/05 21:22:17 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: RDPCDD.SYS >
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] () MD5=037B5A6AE6457C7242317E78E2290975 -- I:\WINDOWS\system32\drivers\rdpcdd.sys
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- I:\WINDOWS\system32\dllcache\rdpcdd.sys
< End of report >


#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,589 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:56 PM

Posted 24 May 2010 - 12:05 AM

Remember to do this when booting to the Reatogo Desktop.
QUOTE
After booting to the Reatogo Desktop, click on the Start menu, then right-click on My Computer. Select Manage, then Disk Management. Right click on the I: drive and change the drive letter to J:. Then right click on the C: drive and change the drive letter to I:.


First the Fix:
  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    QUOTE
    :files
    I:\data1.cab
    I:\data1.hdr
    I:\data2.cab
    I:\engine32.cab
    I:\keystone.ex_
    I:\layout.bin
    I:\modes.txt
    I:\nv4_disp.dl_
    I:\nv4_mini.sy_
    I:\nvapi.dl_
    I:\NvApps.xm_
    I:\nvcod.dl_
    I:\NVCPDA.HL_
    I:\NVCPDE.HL_
    I:\NVCPES.HL_
    I:\NVCPFI.HL_
    I:\NVCPFR.HL_
    I:\NVCPIT.HL_
    I:\NVCPJA.HL_
    I:\NVCPKO.HL_
    I:\NvCpl.dl_
    I:\NVCPL.HL_
    I:\NVCPNL.HL_
    I:\NVCPNO.HL_
    I:\NVCPPTB.HL_
    I:\NVCPSV.HL_
    I:\NVCPZHC.HL_
    I:\NVCPZHT.HL_
    I:\nvdd.cat
    I:\NVDD.INF
    I:\NVDisp.nvu
    I:\nvmccs.dl_
    I:\nvmccsrs.dl_
    I:\NvMCTray.dl_
    I:\nvoglnt.dl_
    I:\NVRSDA.dl_
    I:\NVRSDE.dl_
    I:\NVRSES.dl_
    I:\NVRSFI.dl_
    I:\NVRSFR.dl_
    I:\NVRSIT.dl_
    I:\NVRSJA.dl_
    I:\NVRSKO.dl_
    I:\NVRSNL.dl_
    I:\NVRSNO.dl_
    I:\NVRSPTB.dl_
    I:\NVRSSV.dl_
    I:\NVRSZHC.dl_
    I:\NVRSZHT.dl_
    I:\nvsvc32.ex_
    I:\nvudisp.exe
    I:\nvwcpda.hl_
    I:\nvwcpde.hl_
    I:\nvwcpes.hl_
    I:\nvwcpfi.hl_
    I:\nvwcpfr.hl_
    I:\nvwcpit.hl_
    I:\nvwcpja.hl_
    I:\nvwcpko.hl_
    I:\nvwcpnl.hl_
    I:\nvwcpno.hl_
    I:\nvwcpptb.hl_
    I:\nvwcpsv.hl_
    I:\nvwcpzhc.hl_
    I:\nvwcpzht.hl_
    I:\nvwddi.dl_
    I:\nvwrsda.dl_
    I:\nvwrsde.dl_
    I:\nvwrses.dl_
    I:\nvwrsfi.dl_
    I:\nvwrsfr.dl_
    I:\nvwrsit.dl_
    I:\nvwrsja.dl_
    I:\nvwrsko.dl_
    I:\nvwrsnl.dl_
    I:\nvwrsno.dl_
    I:\nvwrsptb.dl_
    I:\nvwrssv.dl_
    I:\nvwrszhc.dl_
    I:\nvwrszht.dl_
    I:\README.TXT
    I:\setup.bmp
    I:\setup.exe
    I:\setup.ibt
    I:\setup.ini
    I:\setup.inx
    I:\setup.iss
    I:\setup.skin
    I:\WINDOWS\System32\drivers\rdpcdd.sys|I:\WINDOWS\system32\dllcache\rdpcdd.sys /replace

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
    "Start"=dword:00000000

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the I:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.
Second the Scan:

Restart the computer back to the OTLPE CD. (Change those drive letters)
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in
      /md5start
      RDPCDD.SYS
      /md5stop
  • Press Run Scan to start the scan.
  • When finished, the OTL.txt file will be recreated
  • Copy this file to your USB drive.
  • Please post the contents of the OTL.txt file in your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
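The reason the fix above replaces I:\WINDOWS\System32\drivers\rdpcdd.sys with the dllcache copy is visible in the custom MD5 scan from post #9: the two copies of rdpcdd.sys carry the same timestamp and size, but the live driver hashes differently and has no company name, while the dllcache copy is attributed to Microsoft. As an added example (not code from this thread, from the helper, or from OTL), here is a Python check that parses that section of an OTL log and flags exactly that pattern. The sample input is the two MD5 lines from post #9, embedded inline; the path layout and the "dllcache copy is the reference" assumption are mine.

```python
import re
from collections import defaultdict

# Sample input: the "< MD5 for: RDPCDD.SYS >" custom-scan lines exactly as they
# appear in the OTL log posted earlier in this thread.
OTL_MD5_BLOCK = r"""
< MD5 for: RDPCDD.SYS >
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] () MD5=037B5A6AE6457C7242317E78E2290975 -- I:\WINDOWS\system32\drivers\rdpcdd.sys
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- I:\WINDOWS\system32\dllcache\rdpcdd.sys
< End of report >
"""

# "< MD5 for: NAME >" opens a group of hits for one file name.
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
# One hit: [stamp | size | attrs | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)


def parse_md5_block(text):
    """Return {FILE NAME: [entry, ...]} from the /md5start section of an OTL log."""
    entries = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            rec = entry.groupdict()
            rec["md5"] = rec["md5"].upper()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["stamp"] = rec["stamp"].strip()
            entries[current].append(rec)
    return dict(entries)


def is_dllcache(path):
    # Assumption: the Windows File Protection backup lives under ...\dllcache\.
    return "\\dllcache\\" in path.lower()


def find_suspect_copies(entries):
    """Flag live copies that disagree with the dllcache copy of the same file."""
    findings = []
    for name, recs in entries.items():
        reference = next((r for r in recs if is_dllcache(r["path"])), None)
        for rec in recs:
            if rec is reference:
                continue
            reasons = []
            if not rec["company"].strip():
                reasons.append("no version info")
            if reference is None:
                reasons.append("no dllcache copy to compare")
            elif rec["md5"] != reference["md5"]:
                reasons.append("md5 differs from dllcache copy")
                # Same size and timestamp with a different hash: a size/date
                # based check would have missed this, only the hash catches it.
                if rec["size"] == reference["size"] and rec["stamp"] == reference["stamp"]:
                    reasons.append("same size and timestamp as dllcache copy")
            if reasons:
                findings.append({"name": name, "path": rec["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspect_copies(parse_md5_block(OTL_MD5_BLOCK)):
        print(f["name"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

The comparison is only as good as the reference: a dllcache copy is a useful baseline on XP because Windows File Protection keeps it, but it is not a signed trust anchor, so a hash that matches a known-good value from Microsoft (or from a clean machine at the same service pack level) is the stronger check.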


#11 zomgsupersack

zomgsupersack
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:56 PM

Posted 24 May 2010 - 12:53 AM

Here are the results from the "Run Fix"

========== FILES ==========
I:\data1.cab moved successfully.
I:\data1.hdr moved successfully.
I:\data2.cab moved successfully.
I:\engine32.cab moved successfully.
I:\keystone.ex_ moved successfully.
I:\layout.bin moved successfully.
I:\modes.txt moved successfully.
I:\nv4_disp.dl_ moved successfully.
I:\nv4_mini.sy_ moved successfully.
I:\nvapi.dl_ moved successfully.
I:\NvApps.xm_ moved successfully.
I:\nvcod.dl_ moved successfully.
I:\NVCPDA.HL_ moved successfully.
I:\NVCPDE.HL_ moved successfully.
I:\NVCPES.HL_ moved successfully.
I:\NVCPFI.HL_ moved successfully.
I:\NVCPFR.HL_ moved successfully.
I:\NVCPIT.HL_ moved successfully.
I:\NVCPJA.HL_ moved successfully.
I:\NVCPKO.HL_ moved successfully.
I:\NvCpl.dl_ moved successfully.
I:\NVCPL.HL_ moved successfully.
I:\NVCPNL.HL_ moved successfully.
I:\NVCPNO.HL_ moved successfully.
I:\NVCPPTB.HL_ moved successfully.
I:\NVCPSV.HL_ moved successfully.
I:\NVCPZHC.HL_ moved successfully.
I:\NVCPZHT.HL_ moved successfully.
I:\nvdd.cat moved successfully.
I:\NVDD.INF moved successfully.
I:\NVDisp.nvu moved successfully.
I:\nvmccs.dl_ moved successfully.
I:\nvmccsrs.dl_ moved successfully.
I:\NvMCTray.dl_ moved successfully.
I:\nvoglnt.dl_ moved successfully.
I:\NVRSDA.dl_ moved successfully.
I:\NVRSDE.dl_ moved successfully.
I:\NVRSES.dl_ moved successfully.
I:\NVRSFI.dl_ moved successfully.
I:\NVRSFR.dl_ moved successfully.
I:\NVRSIT.dl_ moved successfully.
I:\NVRSJA.dl_ moved successfully.
I:\NVRSKO.dl_ moved successfully.
I:\NVRSNL.dl_ moved successfully.
I:\NVRSNO.dl_ moved successfully.
I:\NVRSPTB.dl_ moved successfully.
I:\NVRSSV.dl_ moved successfully.
I:\NVRSZHC.dl_ moved successfully.
I:\NVRSZHT.dl_ moved successfully.
I:\nvsvc32.ex_ moved successfully.
I:\nvudisp.exe moved successfully.
I:\nvwcpda.hl_ moved successfully.
I:\nvwcpde.hl_ moved successfully.
I:\nvwcpes.hl_ moved successfully.
I:\nvwcpfi.hl_ moved successfully.
I:\nvwcpfr.hl_ moved successfully.
I:\nvwcpit.hl_ moved successfully.
I:\nvwcpja.hl_ moved successfully.
I:\nvwcpko.hl_ moved successfully.
I:\nvwcpnl.hl_ moved successfully.
I:\nvwcpno.hl_ moved successfully.
I:\nvwcpptb.hl_ moved successfully.
I:\nvwcpsv.hl_ moved successfully.
I:\nvwcpzhc.hl_ moved successfully.
I:\nvwcpzht.hl_ moved successfully.
I:\nvwddi.dl_ moved successfully.
I:\nvwrsda.dl_ moved successfully.
I:\nvwrsde.dl_ moved successfully.
I:\nvwrses.dl_ moved successfully.
I:\nvwrsfi.dl_ moved successfully.
I:\nvwrsfr.dl_ moved successfully.
I:\nvwrsit.dl_ moved successfully.
I:\nvwrsja.dl_ moved successfully.
I:\nvwrsko.dl_ moved successfully.
I:\nvwrsnl.dl_ moved successfully.
I:\nvwrsno.dl_ moved successfully.
I:\nvwrsptb.dl_ moved successfully.
I:\nvwrssv.dl_ moved successfully.
I:\nvwrszhc.dl_ moved successfully.
I:\nvwrszht.dl_ moved successfully.
I:\README.TXT moved successfully.
I:\setup.bmp moved successfully.
I:\setup.exe moved successfully.
I:\setup.ibt moved successfully.
I:\setup.ini moved successfully.
I:\setup.inx moved successfully.
I:\setup.iss moved successfully.
I:\setup.skin moved successfully.
File I:\WINDOWS\System32\drivers\rdpcdd.sys successfully replaced with I:\WINDOWS\system32\dllcache\rdpcdd.sys
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\\"Start"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Andrew-Gregory
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1394504 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12993478 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1427667 bytes

Total Files Cleaned = 15.00 mb

I:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.39.0 log created on 05242010_023453


And here are the results from the second scan...

OTL logfile created on: 5/24/2010 3:46:13 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 232.82 Gb Total Space | 165.46 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Drive J: | 1.87 Gb Total Space | 0.95 Gb Free Space | 50.70% Space Free | Partition Type: FAT
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/06/09 21:25:00 | 003,046,748 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/03/21 16:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- I:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (yeddef)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/01/12 00:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 07:35:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- I:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/30 14:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2007/03/21 15:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\iaStor.sys -- (iastor)
DRV - [2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2006/06/05 06:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2006/03/20 19:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2005/06/20 21:52:55 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2005/05/12 21:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/12/13 17:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/12 20:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/10 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/10 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/10 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/10 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/10 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/10 07:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/10 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 07:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/10 07:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/10 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/10 07:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/10 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/10 07:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/10 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- I:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/10 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/10 07:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/10 07:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/10 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- I:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/10 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/10 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/10 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/10 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/10 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/10 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/10 07:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/10 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/10 07:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2004/08/10 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/10 07:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/10 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/10 07:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/10 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/10 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/10 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/10 07:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/10 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/10 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/10 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/10 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/10 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/10 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- I:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2004/08/10 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/10 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/10 07:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/10 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/10 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/10 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- I:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/10 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2004/08/10 07:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2004/08/10 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- I:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- I:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/08/10 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- I:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2004/08/10 06:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/04 04:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 02:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\USBSTOR.SYS -- (usbstor)
DRV - [2004/08/04 02:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/04 02:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/04 02:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/04 02:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/04 02:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 02:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 01:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/08/03 18:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- I:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System] -- I:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 16:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 09:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\Andrew-Gregory_ON_I\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Andrew-Gregory_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\systemprofile_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: I:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/06 16:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/14 17:54:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/05/16 23:29:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/05/16 23:29:40 | 000,000,000 | ---D | M]

[2010/05/21 02:41:02 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/05/05 23:13:45 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/06 16:01:15 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/04/01 13:58:18 | 000,023,000 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/01 13:58:19 | 000,138,712 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/04/10 20:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/12/06 16:01:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/01 13:58:20 | 000,064,984 | ---- | M] (mozilla.org) -- I:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/02/27 15:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/14 18:39:32 | 000,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- I:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- I:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/01 11:56:18 | 000,001,394 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/01 11:56:18 | 000,002,193 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/01 11:56:18 | 000,001,534 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/01 11:56:18 | 000,002,344 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/01 11:56:18 | 000,002,371 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/01 11:56:18 | 000,001,178 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/01 11:56:18 | 000,001,096 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/05/24 02:35:01 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Andrew-Gregory_ON_I\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ehTray] I:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] I:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] I:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SNM] I:\Program Files\SpyNoMore\SNM.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Aim] I:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Google Update] I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Andrew-Gregory_ON_I..\Run: [Steam] i:\program files\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\Andrew-Gregory_ON_I..\RunOnce: [] I:\WINDOWS\System32\osk.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = I:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = I:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andrew-Gregory_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - I:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - I:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - I:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - I:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - I:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - I:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - I:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - I:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - I:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - I:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - I:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell - "" = AutoRun
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91329971-2859-11df-9c50-001676b5c8f3}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 02:34:53 | 000,000,000 | ---D | C] -- I:\_OTL
[2010/05/22 01:13:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Malwarebytes
[2010/05/22 01:13:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 01:13:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 01:13:04 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware
[2010/05/21 22:44:48 | 000,000,000 | ---D | C] -- I:\Config.Msi
[2010/05/21 22:34:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/21 21:42:54 | 000,000,000 | ---D | C] -- I:\GamepotUSA
[2010/05/21 21:11:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\PMB Files
[2010/05/21 21:10:53 | 000,000,000 | ---D | C] -- I:\Program Files\Pando Networks
[2010/05/21 02:32:26 | 038,808,920 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\Andrew-Gregory\Desktop\FileFormatConverters.exe
[2010/05/20 09:12:48 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Office
[2010/05/20 09:12:32 | 000,000,000 | ---D | C] -- I:\Program Files\MSECache
[2010/05/15 21:24:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2010/05/08 23:34:49 | 000,000,000 | ---D | C] -- I:\Program Files\mektek.net
[2010/04/25 14:04:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_10.dll
[2010/04/25 14:04:13 | 003,734,536 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_36.dll
[2010/04/25 14:04:13 | 001,374,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_36.dll
[2010/04/25 14:04:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_36.dll
[2010/04/25 14:04:12 | 003,727,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_35.dll
[2010/04/25 14:04:12 | 001,358,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_35.dll
[2010/04/25 14:04:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_35.dll
[2010/04/25 14:04:12 | 000,267,112 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_9.dll
[2010/04/25 14:04:11 | 003,497,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_34.dll
[2010/04/25 14:04:11 | 001,124,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\D3DCompiler_34.dll
[2010/04/25 14:04:11 | 000,443,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx10_34.dll
[2010/04/25 14:04:11 | 000,266,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_8.dll
[2010/04/25 14:04:11 | 000,017,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\X3DAudio1_2.dll
[2010/04/25 14:04:10 | 000,261,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_7.dll
[2010/04/25 14:04:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_6.dll
[2010/04/25 14:04:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_32.dll
[2010/04/25 14:04:02 | 000,251,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_5.dll
[2010/04/25 14:04:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_4.dll
[2010/04/25 14:04:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/25 14:04:01 | 002,414,360 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_31.dll
[2010/04/25 14:04:01 | 000,236,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_3.dll
[2010/04/25 14:04:01 | 000,062,744 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_2.dll
[2010/04/25 14:04:00 | 000,230,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_2.dll
[2010/04/25 14:03:59 | 000,229,584 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_1.dll
[2010/04/25 14:03:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput1_1.dll
[2010/04/25 14:03:51 | 002,332,368 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_29.dll
[2010/04/25 14:03:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xactengine2_0.dll
[2010/04/25 14:03:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/25 14:03:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_28.dll
[2010/04/25 14:03:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_27.dll
[2010/04/25 14:03:50 | 002,297,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_26.dll
[2010/04/25 14:03:50 | 000,061,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/25 14:03:49 | 002,337,488 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_25.dll
[2010/04/25 14:03:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\d3dx9_24.dll

========== Files - Modified Within 30 Days ==========

[2010/05/24 02:36:25 | 003,407,872 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/23 06:28:01 | 000,229,376 | ---- | M] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 06:27:59 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/05/23 06:27:58 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2010/05/23 03:29:59 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/05/22 01:10:05 | 003,184,656 | -H-- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\IconCache.db
[2010/05/21 22:46:52 | 000,421,120 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/21 22:35:51 | 000,128,720 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 22:14:00 | 000,000,902 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/21 21:45:01 | 000,001,014 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003UA.job
[2010/05/21 20:26:59 | 000,271,490 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010/05/21 20:26:58 | 000,000,898 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/21 20:26:53 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/05/21 09:07:47 | 000,015,872 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Heart of Darkness scaffold.doc
[2010/05/21 07:45:00 | 000,000,962 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1972579041-725345543-1003Core.job
[2010/05/21 02:33:11 | 000,233,472 | ---- | M] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/05/21 02:32:49 | 038,808,920 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\Andrew-Gregory\Desktop\FileFormatConverters.exe
[2010/05/08 17:50:50 | 000,026,624 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 23:10:04 | 001,310,208 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #16 Worksheets.doc
[2010/04/29 18:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 18:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 18:46:47 | 000,002,351 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\Google Chrome.lnk
[2010/04/25 20:14:40 | 001,248,768 | ---- | M] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #15 Worksheets.doc

========== Files Created - No Company Name ==========

[2010/05/23 14:55:58 | 000,008,192 | -H-- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/21 09:07:45 | 000,015,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Heart of Darkness scaffold.doc
[2010/05/21 02:33:11 | 003,407,872 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat
[2010/05/21 02:33:11 | 000,233,472 | ---- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat
[2010/05/21 02:31:31 | 000,012,410 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\heartofdarkness.docx
[2010/05/20 02:14:25 | 000,010,240 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Desktop\heart of darkness scaffold.wps
[2010/05/05 23:10:01 | 001,310,208 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #16 Worksheets.doc
[2010/04/25 20:14:37 | 001,248,768 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\My Documents\Vocabulary #15 Worksheets.doc
[2010/02/14 02:50:46 | 000,000,262 | ---- | C] () -- I:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/25 16:07:10 | 000,274,432 | ---- | C] () -- I:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/09/19 00:30:57 | 000,001,152 | ---- | C] () -- I:\WINDOWS\System32\windrv.sys
[2009/06/17 04:42:10 | 000,026,624 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 18:33:53 | 000,876,544 | ---- | C] () -- I:\WINDOWS\System32\TEACico2.dll
[2009/06/14 16:31:26 | 000,000,137 | ---- | C] () -- I:\Documents and Settings\Andrew-Gregory\Local Settings\Application Data\fusioncache.dat
[2009/06/14 16:28:22 | 000,000,178 | -HS- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.ini
[2009/06/14 16:28:21 | 000,028,672 | -H-- | C] () -- I:\Documents and Settings\Andrew-Gregory\ntuser.dat.LOG
[2009/06/14 16:27:18 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\LocalService\ntuser.ini
[2009/06/14 16:27:17 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,229,376 | ---- | C] () -- I:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/06/14 16:27:04 | 000,008,192 | -H-- | C] () -- I:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/06/14 16:27:04 | 000,000,020 | -HS- | C] () -- I:\Documents and Settings\NetworkService\ntuser.ini
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- I:\WINDOWS\System32\psisdecd.dll
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/06/14 18:46:01 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\acccore
[2009/09/01 02:18:40 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Aim
[2010/04/18 21:16:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Braid
[2009/10/25 03:11:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GameRanger
[2009/09/19 00:30:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\GetRightToGo
[2010/01/24 18:11:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/12/06 16:02:44 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\OpenOffice.org
[2009/09/01 02:30:13 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Trillian
[2010/05/15 21:24:33 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Ubisoft
[2009/07/05 21:22:17 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Andrew-Gregory\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: RDPCDD.SYS >
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- I:\WINDOWS\system32\dllcache\rdpcdd.sys
[2004/08/10 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- I:\WINDOWS\system32\drivers\rdpcdd.sys
< End of report >


#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,589 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 24 May 2010 - 04:48 PM

The fix went through. Boot in Normal Mode and, if successful, obtain an internet connection and follow these steps (this time there is no need to change the drive letters):

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 20.
  • Click the JDK 6 Update 20 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u20-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u20-windows-i586.exe and select "Run as an Administrator.")

Edited by JSntgRvr, 24 May 2010 - 04:49 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 zomgsupersack
  • Topic Starter

  • Members
  • 9 posts

Posted 25 May 2010 - 02:20 AM

Here is the MBAM log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4140

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/24/2010 10:22:13 PM
mbam-log-2010-05-24 (22-22-13).txt

Scan type: Quick scan
Objects scanned: 116673
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\Documents and Settings\Andrew-Gregory\Local Settings\Temporary Internet Files\Content.IE5\6B0BPABG\n002102318801r0409J10000601Rce16caf1W160c5afaXd8f91c6eY930e5ed1Z03003f361[1] (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
I:\Documents and Settings\Andrew-Gregory\Local Settings\Temporary Internet Files\Content.IE5\91E1Y8CU\n002102318801r0409J10000601Rce16caf1W160c5afaXd8f91c6eY930e5ed1Z03003f360[1] (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
I:\Documents and Settings\Andrew-Gregory\Local Settings\Temporary Internet Files\Content.IE5\Z6ACG2BX\n002102318801r0409J10000601R71f6a107Wec569f27Xd8eb34c5Y930e5ed1Z03003f360[1] (Rogue.AntispywareSoft) -> Quarantined and deleted successfully.

And here is the Kaspersky Online Scanner log...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 25, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 25, 2010 00:55:45
Records in database: 4171345
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 66179
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 01:24:24


File name / Threat / Threats count
I:\Documents and Settings\Andrew-Gregory\Application Data\Sun\Java\Deployment\cache\6.0\35\37e5fd23-4137d228 Infected: Exploit.Java.Agent.f 1
I:\Documents and Settings\Andrew-Gregory\Application Data\Sun\Java\Deployment\cache\6.0\35\37e5fd23-4137d228 Infected: Trojan-Downloader.Java.OpenStream.af 1
I:\Documents and Settings\Andrew-Gregory\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-329a334c Infected: Trojan-Downloader.Java.OpenConnection.at 1
I:\Documents and Settings\Andrew-Gregory\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-329a334c Infected: Exploit.Java.Agent.f 1
I:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\3\12a49b83-181e6d54 Infected: Exploit.Java.Agent.f 1
I:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\3\12a49b83-181e6d54 Infected: Trojan-Downloader.Java.OpenStream.ad 1

Selected area has been scanned.


#14 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,589 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 25 May 2010 - 11:47 AM

Let's empty the temp folders:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
How is the computer doing?



#15 zomgsupersack
  • Topic Starter

  • Members
  • 9 posts

Posted 25 May 2010 - 04:53 PM

The computer is running great! Thanks a lot!

Apparently, that TFC tool removed about a gigabyte of stuff. Haha. I noticed that you said "depending on how often you clean your temp files." So would that mean I am able to use this tool whenever I want? If so, how often do you recommend cleaning out the temp files?
