Rootkit Infection..?


  • This topic is locked
75 replies to this topic

#1 carz88

carz88

  • Members
  • 42 posts

Posted 08 June 2010 - 02:56 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/321994/malwarevirus-infection/ ~ OB

Hello, my computer seems to be infected with something called a rootkit. I have so far been unable to remove it. I tried using Malwarebytes to scan and remove, but it was unable to update and remove.

Sometimes the computer shuts down and shows the blue screen with a few numbers such as 0x0000007E and 0x0000005. I'm being constantly redirected when I try to use the internet.

I tried following the instructions as best I could, but I wasn't able to get the GMER log. I tried about 5 times, but it kept freezing the computer during the scan then showed the blue screen again. Hopefully I have done everything properly.

Thanks for your help!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Tristan at 23:49:54.12 on Mon 06/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.624 [GMT -5:00]


============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
"E:\WINDOWS\System32\svchost.exe"
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Analog Devices\Core\smax4pnp.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\DNA\btdna.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Tristan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BitTorrent DNA] "e:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] e:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] e:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: !SASWinLogon - e:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: e:\windows\system32\curslib.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\tristan\applic~1\mozilla\firefox\profiles\tp5hga63.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: e:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: e:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: e:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;e:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 RalinkRegistryWriter;Ralink Registry Writer;e:\program files\ralink\common\RalinkRegistryWriter.exe [2009-6-29 69632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\viewpoint\common\ViewpointService.exe [2009-5-9 24652]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;e:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 {47522A72-96A9-4B8D-B97189E0BE427161};{47522A72-96A9-4B8D-B97189E0BE427161};e:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 {7FEEFE1B-9022-43F5-92030D3AB2C74D54};{7FEEFE1B-9022-43F5-92030D3AB2C74D54};\??\e:\windows\temp\25e.tmp --> e:\windows\temp\25E.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;e:\windows\system32\drivers\rt2870.sys [2009-6-29 580096]
S3 UNDPX2K;UNDPX2K; [x]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem; [x]

=============== Created Last 30 ================

2010-06-08 04:46:44 0 ----a-w- e:\documents and settings\tristan\defogger_reenable
2010-06-06 04:50:45 0 d-----w- e:\docume~1\tristan\applic~1\SUPERAntiSpyware.com
2010-06-06 04:50:45 0 d-----w- e:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-06 04:50:08 0 d-----w- e:\program files\SUPERAntiSpyware
2010-06-05 22:24:43 54016 ----a-w- e:\windows\system32\drivers\yrspnyti.sys
2010-06-05 05:49:47 50981 ----a-w- e:\windows\system32\ljwdloyydha.exe
2010-06-05 05:49:12 823808 ----a-w- e:\windows\system32\drivers\mioolnf.sys
2010-05-24 16:31:20 40633 ----a-w- e:\windows\system32\bmglwjwz.exe
2010-05-24 06:09:55 90624 -c--a-w- e:\windows\system32\dllcache\kswdmcap.ax
2010-05-24 06:09:55 90624 ----a-w- e:\windows\system32\kswdmcap.ax
2010-05-24 06:09:55 28672 -c--a-w- e:\windows\system32\dllcache\vidcap.ax
2010-05-24 06:09:55 28672 ----a-w- e:\windows\system32\vidcap.ax
2010-05-24 06:09:54 61952 -c--a-w- e:\windows\system32\dllcache\kstvtune.ax
2010-05-24 06:09:54 61952 ----a-w- e:\windows\system32\kstvtune.ax
2010-05-24 06:09:54 53760 -c--a-w- e:\windows\system32\dllcache\vfwwdm32.dll
2010-05-24 06:09:54 53760 ----a-w- e:\windows\system32\vfwwdm32.dll
2010-05-24 06:09:52 43008 -c--a-w- e:\windows\system32\dllcache\ksxbar.ax
2010-05-24 06:09:52 43008 ----a-w- e:\windows\system32\ksxbar.ax
2010-05-24 06:09:40 0 d-----w- e:\docume~1\tristan\applic~1\ManyCam
2010-05-24 06:09:39 0 d-----w- e:\program files\ManyCam 2.4
2010-05-12 02:13:25 0 d-----w- e:\documents and settings\tristan\Audio
2010-05-12 02:01:56 0 d-----w- e:\docume~1\tristan\applic~1\Steinberg
2010-05-12 02:01:27 368640 ----a-w- e:\windows\system32\ReWire.dll
2010-05-12 02:01:27 1324544 ----a-w- e:\windows\system32\SYNSOAIR.DLL
2010-05-12 02:00:41 0 d-----w- e:\program files\Steinberg
2010-05-12 02:00:41 0 d-----w- e:\program files\common files\VST3
2010-05-12 02:00:41 0 d-----w- e:\program files\common files\Steinberg
2010-05-12 01:08:26 0 d-----w- e:\program files\common files\PACE Anti-Piracy
2010-05-12 01:08:26 0 d-----w- e:\docume~1\tristan\applic~1\PACE Anti-Piracy
2010-05-12 01:08:26 0 d-----w- e:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-05-12 01:06:22 0 d-----w- e:\program files\InterLok

==================== Find3M ====================

2010-04-29 20:39:38 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39:26 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- e:\windows\system32\vbscript.dll

============= FINISH: 23:50:10.04 ===============


Edited by Orange Blossom, 08 June 2010 - 03:28 PM.
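
A first-pass triage of the DDS log format shown in the first post, as an added example that is not part of the original thread: it parses the SERVICES / DRIVERS and Created Last 30 sections and shortlists entries for a reviewer. The shortlist rules (temp-directory image path, GUID-style service name, new .sys/.exe directly under system32) are assumptions chosen for illustration; they are not DDS features and not verdicts.

```python
import ntpath
import re

# Excerpt of the DDS log from the first post, trimmed to the lines used here.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R1 SASKUTIL;SASKUTIL;e:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S3 {47522A72-96A9-4B8D-B97189E0BE427161};{47522A72-96A9-4B8D-B97189E0BE427161};e:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
S3 {7FEEFE1B-9022-43F5-92030D3AB2C74D54};{7FEEFE1B-9022-43F5-92030D3AB2C74D54};\??\e:\windows\temp\25e.tmp --> e:\windows\temp\25E.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 UNDPX2K;UNDPX2K; [x]

=============== Created Last 30 ================

2010-06-06 04:50:08 0 d-----w- e:\program files\SUPERAntiSpyware
2010-06-05 22:24:43 54016 ----a-w- e:\windows\system32\drivers\yrspnyti.sys
2010-06-05 05:49:47 50981 ----a-w- e:\windows\system32\ljwdloyydha.exe
2010-06-05 05:49:12 823808 ----a-w- e:\windows\system32\drivers\mioolnf.sys
2010-05-24 16:31:20 40633 ----a-w- e:\windows\system32\bmglwjwz.exe
2010-05-24 06:09:55 28672 -c--a-w- e:\windows\system32\dllcache\vidcap.ax
2010-05-12 02:01:27 368640 ----a-w- e:\windows\system32\ReWire.dll

============= FINISH: 23:50:10.04 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S+) (.+)$")
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")

# Assumed review rules (illustrative, not part of DDS).
WATCH_DIRS = {r"\windows\system32", r"\windows\system32\drivers"}
WATCH_EXTS = {".sys", ".exe"}


def split_sections(text):
    """Group non-empty log lines under their '==== Title ====' header."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def parse_services(lines):
    """Parse 'STATE name;display;image [info]' service/driver lines."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, _display, image, info = m.groups()
        # Where the log shows 'raw --> plain', keep the plain path.
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        out.append({"state": state, "name": name,
                    "image": image.strip(), "info": info})
    return out


def review_services(services):
    """Return (service name, [reasons]) for entries worth a closer look."""
    findings = []
    for s in services:
        reasons = []
        image = s["image"].lower()
        if "\\temp\\" in image or image.endswith(".tmp"):
            reasons.append("image path under a temp directory")
        if GUID_NAME_RE.match(s["name"]):
            reasons.append("GUID-style service name")
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def review_created(lines):
    """Return (date, file name, size) for new .sys/.exe files in watched dirs."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        date, _time, size, attrs, path = m.groups()
        if attrs.startswith("d"):          # directory entry, not a file
            continue
        folder = ntpath.splitdrive(ntpath.dirname(path))[1].lower()
        ext = ntpath.splitext(path)[1].lower()
        if folder in WATCH_DIRS and ext in WATCH_EXTS:
            findings.append((date, ntpath.basename(path), int(size)))
    return findings


def triage(dds_text):
    sections = split_sections(dds_text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    return {"services": review_services(services),
            "created": review_created(sections.get("Created Last 30", []))}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        for item in items:
            print(kind, item)
```

The shortlist only orders the reviewer's attention; each entry still has to be checked against the file itself before anything is removed.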



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts

Posted 11 June 2010 - 05:03 PM

Hi carz88,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please update me on the current condition of your computer in case the issue is not resolved.
  1. Run GMER, uncheck all boxes except the box next to Sections (C drive should remain checked), click Scan.
    When it has finished, press Save to save the log and post it in your reply. It will not take more than a minute.

  2. Run GMER, uncheck all boxes except the box next to Registry (C drive should remain checked), click Scan.
    When it has finished, press Save to save the log and post it in your reply. It will not take more than a minute.

  3. Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).

    Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    CODE
    @echo off
    if exist mbr.log del mbr.log
    mbr.exe -t
    ping 1.1.1.1 -n 1 -w 1000 >nul
    start mbr.log

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A notepad opens, copy and paste the content (log.txt) to your reply.

  4. Please run DDS and post a fresh DDS.txt to your reply. No need for the Attach.txt


#3 carz88

carz88
  • Topic Starter

  • Members
  • 42 posts

Posted 11 June 2010 - 07:27 PM

Hi, thanks for responding. When I tried to download MBR.EXE, my computer froze and shut down. I tried about 4 times and this continually happened. Now, when I try to start the computer I simply get a black screen after the BIOS loads. Don't know what to do now..

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts

Posted 11 June 2010 - 07:38 PM

Please, when you face any problem, consult me before retrying.

QUOTE
When i tried to download MBR.EXE, my computer froze and shut down.

Did it shut down when you tried to download it or when you tried to run the batch file?
When you wanted to download it you

Please try this:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Let me know if you get to Advanced boot menu.


#5 carz88

carz88
  • Topic Starter

  • Members
  • 42 posts

Posted 11 June 2010 - 11:49 PM

It shut down when I clicked the link and tried to download. One time, it said something about a keyboard issue, but it hasn't come up again. After hitting F8, I get to the menu... I tried booting into safe mode but about half a page of numbers loaded then it just stops (it usually loads a full page of stuff, I think).

Thanks.

Edited by carz88, 11 June 2010 - 11:50 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts

Posted 12 June 2010 - 05:54 AM

Let's try this before doing something else:

Use F8 to get to the advanced boot options and choose Last Known Good Configuration. In case you cannot boot to Windows, proceed with the next part:
  1. We need to create an OTL Report
  2. If you have Nero:
    • Open Nero SmartStart.
    • Under Applications tab Select Nero Burning Rom
    • In the left pane CD-ROM (ISO) should be highlighted.
    • At the bottom of the open window click Open.
    • In the open window select desktop, highlight the rc.iso file on the desktop and click Open.
    • Put a blank CD in your computer burner and press Burn.
    • When the disk finishes, eject the CD.

  3. If you don't have Nero:
  4. Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
    • Please be patient as "Windows" loads
    • Your system should now display a REATOGO-X-PE desktop.
      Note: In case you did not get this screen, your computer is not set to boot from CD-ROM and you should change the BIOS setup as described in How to Set BIOS to Boot from CDROM
    • Double click on the OTLPE icon on your desktop.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Make sure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • For each section there are three options (None, SafeList and All). Change the following settings:
      • Set "Files Created Within" and "Files Modified Within" to "File Age" while the scroll down at the top is set to the default, which is 30 days.
      • Set all the other sections to "All".
    • Copy and Paste the following code into the Custom Scan section. Do not include the word "Code"

      Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      %systemroot%\tasks\*.job
      %SYSTEMDRIVE%\*.exe
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      disk.sys
      classpnp.sys
      kbdclass.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push runscan button
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive.
    • Please post the contents of the C:\OTL.txt file in your reply.


#7 carz88

carz88
  • Topic Starter

  • Members
  • 42 posts

Posted 13 June 2010 - 12:33 AM

Hi, I'm not having any success downloading the OTLPE-ISO file..both links are giving me page not found and 404 error. So sorry for the inconvenience. Thanks so much for your help.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:10 AM

Posted 13 June 2010 - 06:34 AM

Yes I'm sorry. The developer had made it easier and changed the download link.
  1. We need to make a Boot CD.

  2. Insert the boot CD to problem computer and restart.
      Note: In order to boot with the boot CD, the computer must be set to boot from the CD first. For information click here
    • Your system should now display a REATOGO-X-PE desktop.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • For each section there are three options (None, SafeList and All). Change the following settings:
      • Set "Files Created Within" and "Files Modified Within" to "File Age" while the scroll down at the top is set to the default, which is 30 days.
      • Set all the other sections to "All".
    • Copy and Paste the following code into the Custom Scan section. Do not include the word "Code"

      Please note: You can use a flash drive and copy this script into a txt file from a clean computer to transfer to this computer.

      CODE
      netsvcs
      %systemroot%\tasks\*.job
      %SYSTEMDRIVE%\*.exe
      /md5start
      iaStor.sys
      nvstor.sys
      atapi.sys
      disk.sys
      classpnp.sys
      kbdclass.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
    • Push Runscan button
    • When finished, the file will be saved in drive E:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the E:\OTL.txt file in your reply.


#9 carz88

carz88
  • Topic Starter

  • Members
  • 42 posts

Posted 13 June 2010 - 09:01 PM

Hi, I've finally completed all the steps. Hopefully I've done everything correctly.

Here are the results of the OTL report.

Thanks again.


OTL logfile created on: 6/14/2010 12:54:53 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 809.00 Mb Available Physical Memory | 79.00% Memory free
906.00 Mb Paging File | 835.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 37.24 Gb Total Space | 8.55 Gb Free Space | 22.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 489.67 Mb Total Space | 9.54 Mb Free Space | 1.95% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (All) ==========

SRV - File not found [On_Demand] -- -- (xmlprov)
SRV - File not found [On_Demand] -- -- (WZCSVC)
SRV - File not found [On_Demand] -- -- (WudfSvc)
SRV - File not found [Auto] -- -- (wuauserv)
SRV - File not found [Auto] -- -- (wscsvc)
SRV - File not found [On_Demand] -- -- (WMPNetworkSvc)
SRV - File not found [On_Demand] -- -- (WmiApSrv)
SRV - File not found [On_Demand] -- -- (Wmi)
SRV - File not found [On_Demand] -- -- (WmdmPmSN)
SRV - File not found [Auto] -- -- (winmgmt)
SRV - File not found [Auto] -- -- (WebClient)
SRV - File not found [Auto] -- -- (W32Time)
SRV - File not found [On_Demand] -- -- (VSS)
SRV - File not found [Auto] -- -- (Viewpoint Manager Service)
SRV - File not found [On_Demand] -- -- (UPS)
SRV - File not found [On_Demand] -- -- (upnphost)
SRV - File not found [Auto] -- -- (TrkWks)
SRV - File not found [Disabled] -- -- (TlntSvr)
SRV - File not found [Auto] -- -- (Themes)
SRV - File not found [Auto] -- -- (TermService)
SRV - File not found [On_Demand] -- -- (TapiSrv)
SRV - File not found [On_Demand] -- -- (SysmonLog)
SRV - File not found [On_Demand] -- -- (SwPrv)
SRV - File not found [On_Demand] -- -- (stisvc) Windows Image Acquisition (WIA)
SRV - File not found [On_Demand] -- -- (SSDPSRV)
SRV - File not found [Auto] -- -- (srservice)
SRV - File not found [Auto] -- -- (Spooler)
SRV - File not found [Auto] -- -- (ShellHWDetection)
SRV - File not found [Disabled] -- -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - File not found [Auto] -- -- (SENS)
SRV - File not found [Auto] -- -- (seclogon)
SRV - File not found [Auto] -- -- (Schedule)
SRV - File not found [On_Demand] -- -- (SCardSvr)
SRV - File not found [Auto] -- -- (SamSs)
SRV - File not found [On_Demand] -- -- (RSVP)
SRV - File not found [Auto] -- -- (RpcSs) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (RpcLocator) Remote Procedure Call (RPC)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto] -- -- (RemoteRegistry)
SRV - File not found [Disabled] -- -- (RemoteAccess)
SRV - File not found [On_Demand] -- -- (RDSessMgr)
SRV - File not found [On_Demand] -- -- (RasMan)
SRV - File not found [On_Demand] -- -- (RasAuto)
SRV - File not found [Auto] -- -- (RalinkRegistryWriter)
SRV - File not found [Auto] -- -- (ProtectedStorage)
SRV - File not found [Auto] -- -- (PolicyAgent)
SRV - File not found [Auto] -- -- (PlugPlay)
SRV - File not found [On_Demand] -- -- (NtmsSvc)
SRV - File not found [On_Demand] -- -- (NtLmSsp)
SRV - File not found [On_Demand] -- -- (Nla) Network Location Awareness (NLA)
SRV - File not found [Disabled] -- -- (NetTcpPortSharing)
SRV - File not found [On_Demand] -- -- (Netman)
SRV - File not found [On_Demand] -- -- (Netlogon)
SRV - File not found [Disabled] -- -- (NetDDEdsdm)
SRV - File not found [Disabled] -- -- (NetDDE)
SRV - File not found [On_Demand] -- -- (MSIServer)
SRV - File not found [On_Demand] -- -- (MSDTC)
SRV - File not found [On_Demand] -- -- (mnmsrvc)
SRV - File not found [Disabled] -- -- (Messenger)
SRV - File not found [Auto] -- -- (LmHosts)
SRV - File not found [Auto] -- -- (lanmanworkstation)
SRV - File not found [Auto] -- -- (lanmanserver)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (ImapiService)
SRV - File not found [On_Demand] -- -- (idsvc)
SRV - File not found [On_Demand] -- -- (HTTPFilter)
SRV - File not found [Auto] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (FontCache3.0.0.0)
SRV - File not found [Auto] -- -- (FastUserSwitchingCompatibility)
SRV - File not found [On_Demand] -- -- (EventSystem)
SRV - File not found [Auto] -- -- (Eventlog)
SRV - File not found [Auto] -- -- (ERSvc)
SRV - File not found [Auto] -- -- (Dnscache)
SRV - File not found [Auto] -- -- (dmserver)
SRV - File not found [On_Demand] -- -- (dmadmin)
SRV - File not found [Auto] -- -- (Dhcp)
SRV - File not found [Auto] -- -- (DcomLaunch)
SRV - File not found [Auto] -- -- (CryptSvc)
SRV - File not found [On_Demand] -- -- (COMSysApp)
SRV - File not found [Auto] -- -- (clr_optimization_v2.0.50727_32)
SRV - File not found [Disabled] -- -- (ClipSrv)
SRV - File not found [On_Demand] -- -- (CiSvc)
SRV - File not found [Auto] -- -- (Browser)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [On_Demand] -- -- (BITS)
SRV - File not found [Auto] -- -- (AudioSrv)
SRV - File not found [Auto] -- -- (ATI Smart)
SRV - File not found [Auto] -- -- (Ati HotKey Poller)
SRV - File not found [On_Demand] -- -- (aspnet_state)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - File not found [On_Demand] -- -- (ALG)
SRV - File not found [Disabled] -- -- (Alerter)
SRV - File not found [On_Demand] -- -- ({47522A72-96A9-4B8D-B97189E0BE427161})
SRV - [2004/08/04 00:56:46 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WudfRd)
DRV - File not found [Kernel | On_Demand] -- -- (WudfPf)
DRV - File not found [Kernel | On_Demand] -- -- (WSTCODEC)
DRV - File not found [Adapter | On_Demand] -- -- (Winsock)
DRV - File not found [Kernel | On_Demand] -- -- (wdmaud)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Wdf01000)
DRV - File not found [Kernel | On_Demand] -- -- (Wanarp)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | System] -- -- (VgaSave)
DRV - File not found [Kernel | On_Demand] -- -- (usbuhci)
DRV - File not found [Kernel | On_Demand] -- -- (USBSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (usbhub)
DRV - File not found [Kernel | On_Demand] -- -- (usbehci)
DRV - File not found [Kernel | On_Demand] -- -- (UsbCmxp)
DRV - File not found [Kernel | On_Demand] -- -- (USBCM)
DRV - File not found [Kernel | On_Demand] -- -- (usbccgp)
DRV - File not found [Kernel | On_Demand] -- -- (Update)
DRV - File not found [Kernel | On_Demand] -- -- (UNDPX2K)
DRV - File not found [Kernel | On_Demand] -- -- (UNDPX2A)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [File_System | Disabled] -- -- (Udfs)
DRV - File not found [Kernel | Boot] -- -- (TPkd)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | System] -- -- (TermDD)
DRV - File not found [Kernel | On_Demand] -- -- (TDTCP)
DRV - File not found [Kernel | On_Demand] -- -- (TDPIPE)
DRV - File not found [Kernel | System] -- -- (Tcpip)
DRV - File not found [Kernel | On_Demand] -- -- (sysaudio)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | On_Demand] -- -- (swmidi)
DRV - File not found [Kernel | On_Demand] -- -- (swenum)
DRV - File not found [Kernel | On_Demand] -- -- (streamip)
DRV - File not found [File_System | On_Demand] -- -- (Srv)
DRV - File not found [File_System | Boot] -- -- (sr)
DRV - File not found [Kernel | On_Demand] -- -- (splitter)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | On_Demand] -- -- (smwdm)
DRV - File not found [Kernel | On_Demand] -- -- (SLIP)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | System] -- -- (Sfloppy)
DRV - File not found [Kernel | System] -- -- (Serial)
DRV - File not found [Kernel | On_Demand] -- -- (serenum)
DRV - File not found [Kernel | On_Demand] -- -- (senfilt)
DRV - File not found [Kernel | On_Demand] -- -- (Secdrv)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand] -- -- (rt2870)
DRV - File not found [Kernel | System] -- -- (redbook)
DRV - File not found [Kernel | On_Demand] -- -- (RDPWD)
DRV - File not found [Kernel | On_Demand] -- -- (rdpdr)
DRV - File not found [Kernel | System] -- -- (RDPCDD)
DRV - File not found [File_System | System] -- -- (Rdbss)
DRV - File not found [Kernel | On_Demand] -- -- (Raspti)
DRV - File not found [Kernel | On_Demand] -- -- (RasPppoe)
DRV - File not found [Kernel | On_Demand] -- -- (Rasl2tp) WAN Miniport (L2TP)
DRV - File not found [Kernel | System] -- -- (RasAcd)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | On_Demand] -- -- (Ptilink)
DRV - File not found [Kernel | On_Demand] -- -- (PSched)
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN Miniport (PPTP)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | Disabled] -- -- (Pcmcia)
DRV - File not found [Kernel | Boot] -- -- (PCIIde)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (PCI)
DRV - File not found [Kernel | Auto] -- -- (ParVdm)
DRV - File not found [Kernel | Boot] -- -- (PartMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Parport)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (Null)
DRV - File not found [Kernel | On_Demand] -- -- (NuidFltr)
DRV - File not found [File_System | Disabled] -- -- (Ntfs)
DRV - File not found [File_System | System] -- -- (Npfs)
DRV - File not found [Kernel | On_Demand] -- -- (NPF)
DRV - File not found [Kernel | On_Demand] -- -- (nm)
DRV - File not found [Kernel | System] -- -- (NetBT)
DRV - File not found [File_System | System] -- -- (NetBIOS)
DRV - File not found [Kernel | On_Demand] -- -- (NDProxy)
DRV - File not found [Kernel | On_Demand] -- -- (NdisWan)
DRV - File not found [Kernel | On_Demand] -- -- (Ndisuio)
DRV - File not found [Kernel | On_Demand] -- -- (NdisTapi)
DRV - File not found [Kernel | On_Demand] -- -- (NdisIP)
DRV - File not found [Kernel | Boot] -- -- (NDIS)
DRV - File not found [Kernel | On_Demand] -- -- (NABTSFEC)
DRV - File not found [File_System | Boot] -- -- (Mup)
DRV - File not found [Kernel | On_Demand] -- -- (MSTEE)
DRV - File not found [Kernel | On_Demand] -- -- (mssmbios)
DRV - File not found [Kernel | On_Demand] -- -- (MSPQM)
DRV - File not found [Kernel | On_Demand] -- -- (MSPCLOCK)
DRV - File not found [Kernel | On_Demand] -- -- (MSKSSRV)
DRV - File not found [File_System | System] -- -- (Msfs)
DRV - File not found [File_System | System] -- -- (MRxSmb)
DRV - File not found [File_System | On_Demand] -- -- (MRxDAV)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | Boot] -- -- (MountMgr)
DRV - File not found [Kernel | On_Demand] -- -- (mouhid)
DRV - File not found [Kernel | System] -- -- (Mouclass)
DRV - File not found [Kernel | On_Demand] -- -- (Modem)
DRV - File not found [Kernel | System] -- -- (mnmdd)
DRV - File not found [Kernel | Boot] -- -- (mioolnf)
DRV - File not found [Kernel | On_Demand] -- -- (ManyCam)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot] -- -- (KSecDD)
DRV - File not found [Kernel | On_Demand] -- -- (kmixer)
DRV - File not found [Kernel | System] -- -- (kbdhid)
DRV - File not found [Kernel | System] -- -- (Kbdclass)
DRV - File not found [Kernel | Boot] -- -- (isapnp)
DRV - File not found [Kernel | On_Demand] -- -- (IRENUM)
DRV - File not found [Kernel | System] -- -- (IPSec)
DRV - File not found [Kernel | On_Demand] -- -- (IpNat)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (IpFilterDriver)
DRV - File not found [Kernel | On_Demand] -- -- (Ip6Fw)
DRV - File not found [Kernel | System] -- -- (intelppm)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | System] -- -- (Imapi)
DRV - File not found [Kernel | System] -- -- (i8042prt)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HTTP)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | On_Demand] -- -- (hidusb)
DRV - File not found [Kernel | On_Demand] -- -- (Gpc)
DRV - File not found [Kernel | On_Demand] -- -- (GEARAspiWDM)
DRV - File not found [Kernel | Boot] -- -- (Ftdisk)
DRV - File not found [Recognizer | System] -- -- (Fs_Rec)
DRV - File not found [File_System | Boot] -- -- (FltMgr)
DRV - File not found [Kernel | On_Demand] -- -- (Flpydisk)
DRV - File not found [Kernel | System] -- -- (Fips)
DRV - File not found [Kernel | On_Demand] -- -- (Fdc)
DRV - File not found [File_System | Disabled] -- -- (Fastfat)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | On_Demand] -- -- (DMusic)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [Kernel | Disabled] -- -- (dmboot)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [File_System | Disabled] -- -- (Cdfs)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (CCDECODE)
DRV - File not found [Kernel | Disabled] -- -- (cbidf2k)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (b57w2k)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | On_Demand] -- -- (ati2mtag)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (ACPIEC)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - File not found [Kernel | On_Demand] -- -- ({7FEEFE1B-9022-43F5-92030D3AB2C74D54})


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\HelpAssistant_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Tristan_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\Tristan_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Tristan_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Tristan_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\System32\ieframe.dll File not found
IE - HKU\Tristan_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins


Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - E:\Program Files\Shared\lib.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\System32\SHELL32.dll File not found
O3 - HKU\Tristan_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Tristan_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\System32\browseui.dll File not found
O3 - HKU\Tristan_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\System32\SHELL32.dll File not found
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe File not found
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\HelpAssistant_ON_C..\Run: [BitTorrent DNA] E:\Program Files\DNA\btdna.exe File not found
O4 - HKU\HelpAssistant_ON_C..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe File not found
O4 - HKU\Tristan_ON_C..\Run: [BitTorrent DNA] E:\Program Files\DNA\btdna.exe File not found
O4 - HKU\Tristan_ON_C..\Run: [ctfmon.exe] E:\WINDOWS\System32\ctfmon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tristan_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\System32\mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\System32\rsvpsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\WINDOWS\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\WINDOWS\System32\mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\System32\inetcomm.dll File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\System32\itss.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\System32\msvidctl.dll File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\System32\mshtml.dll File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\System32\wiascr.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\System32\urlmon.dll File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\System32\SHELL32.dll File not found
O20 - AppInit_DLLs: (E:\WINDOWS\system32\curslib.dll) - E:\WINDOWS\System32\curslib.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\System32\userinit.exe File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\System32\SHELL32.dll File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\System32\stobject.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\System32\webcheck.dll File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\System32\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\System32\browseui.dll File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - E:\WINDOWS\System32\browseui.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


========== Files - Modified Within 30 Days ==========


========== LOP Check ==========


========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\tasks\*.job >

< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >
< End of report >


#10 Farbar

Posted 14 June 2010 - 01:13 AM

Something is not right.

Please take a look at the log and you will see a lot of "File not found". This means either they are not really there or the tool is not reading the drive. But since it has loaded the registry part I doubt that.

Please shut down. Use the CD again to boot. Follow the steps and if the tool asks you to show the drive where the operating system is located select E:\Windows. Follow the steps again and make a new log. Take a look at the log and see if the log is different and post it if it is different.

In case the log is the same, open My Computer (the icon is located on the desktop), and tell me how many drives are there and whether E is still the local drive.

#11 carz88

Posted 14 June 2010 - 11:29 AM

I did notice a lot of File not found. And the scan was very quick. When I boot with the CD, I'm not asked to select any drives or anything. In My Computer, all I see is Local Drive C: and RAMDisk B: as hard drives. My hard drive has always said E:. When I go into C: I see all the files that were on there, but they used to be under E:. When I tried running the scan again, it finished in about 5 seconds and I can't find where it has saved the log.

#12 Farbar

Posted 14 June 2010 - 11:53 AM

This is very unfortunate. In the registry the path points at E drive but when booting the local drive will get C letter. That is why the tool looks for E.

Give me a moment to see if I can find a way to change the drive letter to E and overcome the issue.
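The mismatch described in the post above can be checked mechanically before reading an OTLPE log entry by entry. The following is an added example, not part of the original post and not OTLPE's own code: the function name `analyze`, the verdict labels and the 50% threshold are assumptions, and both sample logs are constructed from lines in the format shown in this thread.

```python
import re
from collections import Counter

# Line shapes taken from the OTLPE logs quoted in this thread.
ENTRY = re.compile(r"^(SRV|DRV|IE|FF|O\d+) - ")        # one scanned item per line
MOUNTED = re.compile(r"^Drive ([A-Z]): \|")            # "Drive E: | 37.24 Gb ..."
ABSENT = re.compile(r"^([A-Z]): Drive not present")    # "C: Drive not present ..."
SYSDRIVE = re.compile(r"%SystemDrive% = ([A-Z]):")     # taken from the loaded hive
PATH_LETTER = re.compile(r"\b([A-Za-z]):\\")           # drive letter of a file path


def analyze(log_text, threshold=0.5):
    """Summarise an OTLPE log and decide whether its 'File not found'
    results reflect missing files or an unreadable drive letter."""
    mounted, absent = set(), set()
    system_drive = None
    total = missing = 0
    missing_letters = Counter()

    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOUNTED.match(line)
        if m:
            mounted.add(m.group(1))
            continue
        m = ABSENT.match(line)
        if m:
            absent.add(m.group(1))
            continue
        m = SYSDRIVE.search(line)
        if m:
            system_drive = m.group(1)
            continue
        if not ENTRY.match(line):
            continue
        total += 1
        if "File not found" in line:
            missing += 1
            # Count each referenced drive letter once per entry.
            for letter in {l.upper() for l in PATH_LETTER.findall(line)}:
                missing_letters[letter] += 1

    ratio = missing / total if total else 0.0
    unmounted_refs = sorted(l for l in missing_letters if l not in mounted)

    if system_drive and system_drive not in mounted:
        # Registry paths point at a letter with no volume behind it,
        # so every file lookup fails regardless of what is on disk.
        verdict = "drive-letter-mismatch"
    elif ratio > threshold:
        verdict = "suspect"   # drive readable, yet most files are missing
    else:
        verdict = "ok"

    return {
        "system_drive": system_drive,
        "mounted": sorted(mounted),
        "entries": total,
        "missing": missing,
        "missing_ratio": round(ratio, 2),
        "unmounted_refs": unmounted_refs,
        "verdict": verdict,
    }


# Constructed sample: PE environment mounted the Windows volume as C:,
# while the loaded registry hive still points at E:.
BAD_LOG = r"""
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 37.24 Gb Total Space | 8.55 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [File_System | Disabled] -- -- (Ntfs)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe File not found
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\System32\userinit.exe File not found
O32 - HKLM CDRom: AutoRun - 1
"""

# Constructed sample: same machine after the volume is reachable as E:.
GOOD_LOG = r"""
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
Drive E: | 37.24 Gb Total Space | 8.55 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/11/12 18:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\services.exe -- (Eventlog)
"""

if __name__ == "__main__":
    for name, log in (("before", BAD_LOG), ("after", GOOD_LOG)):
        print(name, analyze(log))
```

A `drive-letter-mismatch` verdict means the "File not found" entries say nothing about the files themselves, so the log should be regenerated before any entry is treated as missing or removed.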

#13 Farbar

Posted 14 June 2010 - 12:31 PM

Yes, we can do it. But please be precise with the instructions. What you don't want to select are the options "Delete Partitions" or "Reformat..". By doing that, all data on the computer is gone beyond repair.

After booting and before opening OTLPE on the desktop do the following:

Make sure your flash drive is not attached.
Right-click My Computer => select Manage => In the left panel select "Disk Management"
In the right panel, in the top window, right-click "Local Disk (C:)" and select "Change Drive Letter and Path..."
A pop up window opens, select "Change...". You see a small box with a drop down menu and it is on C. Change it to E. Click OK and click Yes to the prompt.
Close the window.
Now run OTLPE click Yes and OK to the prompt and run the scan with the same settings.

#14 carz88

Posted 14 June 2010 - 04:30 PM

OK, here's my next attempt. I still see a few "File Not Found" but there's more information on this scan. Thanks


OTL logfile created on: 6/14/2010 11:19:46 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 758.00 Mb Available Physical Memory | 74.00% Memory free
906.00 Mb Paging File | 800.00 Mb Available in Paging File | 88.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 37.24 Gb Total Space | 8.55 Gb Free Space | 22.97% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet004

========== Win32 Services (All) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/11/12 18:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand] -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 21:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/22 23:30:45 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto] -- E:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/10 02:32:40 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
SRV - [2009/05/08 23:15:55 | 000,295,424 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\termsrv32.dll -- (TermService)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\rpcss.dll -- (RpcSs) Remote Procedure Call (RPC)
SRV - [2009/02/09 06:20:34 | 000,399,360 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\rpcss.dll -- (DcomLaunch)
SRV - [2009/02/09 06:20:33 | 000,616,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto] -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 22:10:04 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand] -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 20:24:50 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand] -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled] -- e:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 12:16:40 | 000,034,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/07/07 16:32:22 | 000,253,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\es.dll -- (EventSystem)
SRV - [2008/06/20 13:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\mswsock.dll -- (Nla) Network Location Awareness (NLA)
SRV - [2008/05/13 16:12:56 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto] -- E:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 23:47:16 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\mspmsnsv.dll -- (WmdmPmSN)
SRV - [2006/10/18 22:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/09/28 20:56:14 | 000,055,808 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\WudfSvc.dll -- (WudfSvc)
SRV - [2006/05/03 12:57:00 | 000,520,192 | ---- | M] () [Auto] -- E:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/05/03 12:43:46 | 000,413,696 | ---- | M] (ATI Technologies Inc.) [Auto] -- E:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/05/04 17:45:36 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2005/04/20 15:21:33 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2004/08/04 00:56:58 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2004/08/04 00:56:58 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - [2004/08/04 00:56:58 | 000,126,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - [2004/08/04 00:56:58 | 000,089,600 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - [2004/08/04 00:56:58 | 000,073,216 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2004/08/04 00:56:58 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2004/08/04 00:56:58 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\ups.exe -- (UPS)
SRV - [2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\svchost.exe -- ({47522A72-96A9-4B8D-B97189E0BE427161})
SRV - [2004/08/04 00:56:56 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2004/08/04 00:56:56 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2004/08/04 00:56:56 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\scardsvr.exe -- (SCardSvr)
SRV - [2004/08/04 00:56:54 | 000,006,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\msdtc.exe -- (MSDTC)
SRV - [2004/08/04 00:56:52 | 000,150,016 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2004/08/04 00:56:52 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\locator.exe -- (RpcLocator) Remote Procedure Call (RPC)
SRV - [2004/08/04 00:56:52 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\lsass.exe -- (NtLmSsp)
SRV - [2004/08/04 00:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2004/08/04 00:56:50 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand] -- E:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2004/08/04 00:56:50 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2004/08/04 00:56:50 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\System32\dllhost.exe -- (COMSysApp)
SRV - [2004/08/04 00:56:48 | 000,333,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\wiaservc.dll -- (stisvc) Windows Image Acquisition (WIA)
SRV - [2004/08/04 00:56:48 | 000,246,272 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2004/08/04 00:56:48 | 000,185,344 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\upnphost.dll -- (upnphost)
SRV - [2004/08/04 00:56:48 | 000,174,592 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\w32time.dll -- (W32Time)
SRV - [2004/08/04 00:56:48 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2004/08/04 00:56:48 | 000,129,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\xmlprov.dll -- (xmlprov)
SRV - [2004/08/04 00:56:48 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\trkwks.dll -- (TrkWks)
SRV - [2004/08/04 00:56:48 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2004/08/04 00:56:48 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\webclnt.dll -- (WebClient)
SRV - [2004/08/04 00:56:48 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2004/08/04 00:56:48 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2004/08/04 00:56:48 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2004/08/04 00:56:48 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2004/08/04 00:56:48 | 000,005,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - [2004/08/04 00:56:46 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2004/08/04 00:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2004/08/04 00:56:46 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2004/08/04 00:56:46 | 000,190,976 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2004/08/04 00:56:46 | 000,174,080 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2004/08/04 00:56:46 | 000,170,496 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2004/08/04 00:56:46 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2004/08/04 00:56:46 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2004/08/04 00:56:46 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2004/08/04 00:56:46 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2004/08/04 00:56:46 | 000,089,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2004/08/04 00:56:46 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\ssdpsrv.dll -- (SSDPSRV)
SRV - [2004/08/04 00:56:46 | 000,059,904 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\regsvc.dll -- (RemoteRegistry)
SRV - [2004/08/04 00:56:46 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\sens.dll -- (SENS)
SRV - [2004/08/04 00:56:46 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/08/04 00:56:46 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2004/08/04 00:56:44 | 000,331,264 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess) Windows Firewall/Internet Connection Sharing (ICS)
SRV - [2004/08/04 00:56:44 | 000,111,104 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2004/08/04 00:56:44 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2004/08/04 00:56:44 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2004/08/04 00:56:44 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto] -- E:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2004/08/04 00:56:44 | 000,023,040 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\ersvc.dll -- (ERSvc)
SRV - [2004/08/04 00:56:44 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2004/08/04 00:56:42 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
SRV - [2004/08/04 00:56:42 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2004/08/04 00:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2004/08/04 00:56:42 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2004/08/04 00:56:42 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2004/08/03 20:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto] -- E:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2001/08/23 12:00:00 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\WINDOWS\system32\rsvp.exe -- (RSVP)
SRV - [2001/08/23 12:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | On_Demand] -- -- (UsbCmxp)
DRV - File not found [Kernel | On_Demand] -- -- (USBCM)
DRV - File not found [Kernel | On_Demand] -- -- (UNDPX2A)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - File not found [Kernel | On_Demand] -- -- ({7FEEFE1B-9022-43F5-92030D3AB2C74D54})
DRV - [2010/06/11 19:47:04 | 000,000,000 | ---- | M] () [Kernel | Boot] -- E:\WINDOWS\system32\drivers\mioolnf.sys -- (mioolnf)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- E:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/15 02:20:23 | 000,360,320 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\TCPIP.SYS -- (Tcpip)
DRV - [2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/18 16:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/10 14:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/10 22:53:26 | 000,580,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/09/28 21:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 20:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/19 19:54:04 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2005/01/27 18:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 04:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2004/08/04 02:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2004/08/04 02:15:06 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2004/08/04 02:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2004/08/04 02:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2004/08/04 02:07:50 | 000,171,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2004/08/04 02:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2004/08/04 02:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2004/08/04 02:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2004/08/04 01:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2004/08/04 01:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2004/08/04 01:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2004/08/04 01:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2004/08/04 01:05:44 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2004/08/04 01:05:44 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2004/08/04 01:05:44 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2004/08/04 01:05:44 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2004/08/04 01:05:44 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2004/08/04 01:01:10 | 000,139,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2004/08/04 01:01:08 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2004/08/04 01:01:08 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2004/08/04 00:10:30 | 000,085,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2004/08/04 00:10:22 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2004/08/04 00:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2004/08/04 00:10:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2004/08/04 00:10:14 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2004/08/03 23:58:40 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2004/08/03 23:20:08 | 000,176,512 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2004/08/03 23:15:54 | 000,064,896 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2004/08/03 23:15:22 | 000,107,904 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2004/08/03 23:14:38 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2004/08/03 23:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2004/08/03 23:14:32 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2004/08/03 23:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2004/08/03 23:14:28 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2004/08/03 23:14:24 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2004/08/03 23:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2004/08/03 23:14:12 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2004/08/03 23:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2004/08/03 23:08:44 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2004/08/03 23:08:38 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2004/08/03 23:08:38 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2004/08/03 23:07:48 | 000,119,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2004/08/03 23:07:48 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2004/08/03 23:07:38 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2004/08/03 23:07:18 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2004/08/03 23:07:18 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2004/08/03 23:07:08 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2004/08/03 23:06:26 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2004/08/03 23:05:08 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2004/08/03 23:05:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2004/08/03 23:04:58 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2004/08/03 23:04:52 | 000,134,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2004/08/03 23:04:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2004/08/03 23:04:20 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2004/08/03 23:04:14 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2004/08/03 23:03:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2004/08/03 23:01:20 | 000,124,800 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- E:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2004/08/03 23:00:58 | 000,181,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- E:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2004/08/03 23:00:48 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2004/08/03 23:00:44 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2004/08/03 23:00:42 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- E:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2004/08/03 23:00:32 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- E:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2004/08/03 23:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2004/08/03 23:00:16 | 000,041,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2004/08/03 23:00:08 | 000,029,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2004/08/03 22:59:56 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2004/08/03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2004/08/03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/03 22:59:28 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2004/08/03 22:59:28 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2004/08/03 22:59:20 | 000,036,096 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2004/08/03 22:59:08 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2004/08/03 22:58:36 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2004/08/03 22:58:34 | 000,209,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2004/08/03 22:58:32 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2004/08/03 22:58:32 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/07/17 11:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/06/04 19:35:30 | 000,135,168 | ---- | M] () [Kernel | On_Demand] -- E:\WINDOWS\UNDPX2K.exe -- (UNDPX2K)
DRV - [2001/08/23 12:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/23 12:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2001/08/23 12:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2001/08/23 12:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2001/08/23 12:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2001/08/23 12:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2001/08/23 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2001/08/23 12:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/23 12:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/23 12:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2001/08/23 12:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/23 12:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2001/08/23 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/23 12:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2001/08/23 12:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2001/08/23 12:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2001/08/23 12:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2001/08/23 12:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- E:\WINDOWS\system32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2001/08/23 12:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2001/08/23 12:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2001/08/23 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2001/08/23 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2001/08/23 12:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2001/08/23 12:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/23 12:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- E:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2001/08/23 12:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- E:\WINDOWS\system32\winsock.dll -- (Winsock)
DRV - [2001/08/17 17:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\HelpAssistant_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\HelpAssistant_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\HelpAssistant_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\HelpAssistant_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\HelpAssistant_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Tristan_ON_E\Software\Microsoft\Internet Explorer\Main,Local Page = E:\WINDOWS\system32\blank.htm
IE - HKU\Tristan_ON_E\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\Tristan_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\Tristan_ON_E\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Tristan_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/22 23:30:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 12:11:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/05/23 20:33:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/04/10 11:52:04 | 000,000,000 | ---D | M]

[2010/06/04 20:49:46 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2010/04/10 11:52:04 | 000,000,000 | ---D | M] (Default) -- E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/22 23:31:11 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2010/04/10 11:51:39 | 000,023,000 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/10 11:51:39 | 000,138,712 | ---- | M] (Mozilla Foundation) -- E:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/07/22 23:30:46 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2010/04/10 11:51:54 | 000,064,984 | ---- | M] (mozilla.org) -- E:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/01/11 18:47:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/01/11 18:47:54 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- E:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/04/10 11:51:57 | 000,001,394 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/04/10 11:51:58 | 000,002,193 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/04/10 11:51:58 | 000,001,534 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/04/10 11:51:58 | 000,002,344 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/04/10 11:51:58 | 000,002,371 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/04/10 11:51:58 | 000,001,178 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/04/10 11:51:58 | 000,001,096 | ---- | M] () -- E:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2001/08/23 12:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Browser Helper Object) - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - E:\Program Files\Shared\lib.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\HelpAssistant_ON_E\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_E\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_E\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Tristan_ON_E\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Tristan_ON_E\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Tristan_ON_E\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\HelpAssistant_ON_E..\Run: [BitTorrent DNA] E:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\HelpAssistant_ON_E..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Tristan_ON_E..\Run: [BitTorrent DNA] E:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\Tristan_ON_E..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Tristan_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - E:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - E:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - E:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (E:\WINDOWS\system32\curslib.dll) - E:\WINDOWS\System32\curslib.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - E:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - E:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - E:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - E:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - E:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - E:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - E:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - E:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - E:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - E:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - E:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - E:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - E:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - E:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - E:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - E:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - E:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/11 19:14:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Tristan\Desktop\GMERR
[2010/06/10 19:11:48 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Tristan\Desktop\admin
[2010/06/08 23:46:50 | 000,000,000 | ---D | C] -- E:\FLAV
[2010/06/08 23:33:54 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Tristan\My Documents\FLAV
[2010/06/08 23:33:14 | 004,224,451 | ---- | C] (FLAV Corporation. ) -- E:\Documents and Settings\Tristan\Desktop\flav-flv-to-mp3-converter.exe
[2010/06/08 00:57:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Tristan\Desktop\gmer
[2010/06/06 00:48:58 | 008,924,856 | ---- | C] (SUPERAntiSpyware.com) -- E:\Documents and Settings\Tristan\Desktop\SUPERAntiSpyware.exe
[2010/06/06 00:48:41 | 000,050,688 | ---- | C] (Atribune.org) -- E:\Documents and Settings\Tristan\Desktop\ATF-Cleaner.exe
[2010/05/24 02:10:26 | 000,010,880 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/24 02:10:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/24 02:10:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ipsink.ax
[2010/05/24 02:10:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/24 02:10:19 | 000,005,504 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/24 02:10:15 | 000,011,136 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\slip.sys
[2010/05/24 02:10:09 | 000,019,328 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/24 02:10:04 | 000,085,376 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/24 02:10:00 | 000,017,024 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/24 02:09:55 | 000,090,624 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kswdmcap.ax
[2010/05/24 02:09:55 | 000,090,624 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/24 02:09:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\vidcap.ax
[2010/05/24 02:09:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\vidcap.ax
[2010/05/24 02:09:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kstvtune.ax
[2010/05/24 02:09:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/24 02:09:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\vfwwdm32.dll
[2010/05/24 02:09:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/05/24 02:09:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\ksxbar.ax
[2010/05/24 02:09:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\ksxbar.ax
[7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[6 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/14 23:06:22 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/14 01:57:06 | 000,000,907 | ---- | M] () -- E:\Documents and Settings\Tristan\My Documents\My Sharing Folders.lnk
[2010/06/11 19:47:04 | 000,000,000 | ---- | M] () -- E:\WINDOWS\System32\drivers\mioolnf.sys
[2010/06/11 19:34:48 | 000,488,244 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 19:34:48 | 000,432,356 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/06/11 19:34:48 | 000,067,312 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/06/11 19:26:47 | 005,951,488 | -H-- | M] () -- E:\Documents and Settings\HelpAssistant\NTUSER.DAT
[2010/06/11 19:24:40 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\WGASetup.job
[2010/06/11 19:24:36 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/06/11 19:24:29 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/06/11 19:24:27 | 1071,788,032 | -HS- | M] () -- E:\hiberfil.sys
[2010/06/11 19:21:04 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/06/11 16:21:38 | 009,685,120 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\Rose_Colored_Glasses.mp3
[2010/06/10 17:43:21 | 013,589,510 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\Believe (Jump Smokers Remix).mp3
[2010/06/10 03:17:04 | 006,029,312 | -H-- | M] () -- E:\Documents and Settings\Tristan\NTUSER.DAT
[2010/06/10 03:17:04 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2010/06/10 03:17:04 | 000,225,280 | -H-- | M] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/06/10 03:16:45 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\Tristan\ntuser.ini
[2010/06/10 03:16:45 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\HelpAssistant\ntuser.ini
[2010/06/10 03:15:44 | 003,766,848 | -H-- | M] () -- E:\Documents and Settings\Tristan\Local Settings\Application Data\IconCache.db
[2010/06/08 23:33:25 | 004,224,451 | ---- | M] (FLAV Corporation. ) -- E:\Documents and Settings\Tristan\Desktop\flav-flv-to-mp3-converter.exe
[2010/06/08 19:40:00 | 000,013,440 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat
[2010/06/08 00:57:02 | 000,284,915 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\gmer.zip
[2010/06/08 00:49:05 | 000,525,824 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\dds.scr
[2010/06/08 00:46:44 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\Tristan\defogger_reenable
[2010/06/08 00:46:44 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\HelpAssistant\defogger_reenable
[2010/06/08 00:45:30 | 000,050,477 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\Defogger.exe
[2010/06/07 12:41:09 | 000,004,208 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\Document999999999999.rtf
[2010/06/06 16:41:12 | 000,190,976 | ---- | M] () -- E:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/06 00:49:06 | 008,924,856 | ---- | M] (SUPERAntiSpyware.com) -- E:\Documents and Settings\Tristan\Desktop\SUPERAntiSpyware.exe
[2010/06/06 00:48:41 | 000,050,688 | ---- | M] (Atribune.org) -- E:\Documents and Settings\Tristan\Desktop\ATF-Cleaner.exe
[2010/06/06 00:47:48 | 000,363,520 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\rkill.scr
[2010/06/05 18:24:43 | 000,054,016 | ---- | M] () -- E:\WINDOWS\System32\drivers\yrspnyti.sys
[2010/06/05 01:49:47 | 000,050,981 | ---- | M] () -- E:\WINDOWS\System32\ljwdloyydha.exe
[2010/05/24 12:31:20 | 000,040,633 | ---- | M] () -- E:\WINDOWS\System32\bmglwjwz.exe
[2010/05/24 03:49:03 | 002,077,696 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\yung kid.avi
[2010/05/24 03:43:09 | 011,146,240 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\hotNsexy.avi
[2010/05/24 03:08:41 | 019,457,024 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\444444444.avi
[2010/05/20 23:27:43 | 000,027,154 | ---- | M] () -- E:\Documents and Settings\Tristan\Desktop\5.jpg
[7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[6 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/11 16:21:36 | 009,685,120 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\Rose_Colored_Glasses.mp3
[2010/06/10 16:51:24 | 013,589,510 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\Believe (Jump Smokers Remix).mp3
[2010/06/08 19:40:00 | 000,013,440 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2010/06/08 14:18:20 | 1071,788,032 | -HS- | C] () -- E:\hiberfil.sys
[2010/06/08 01:42:24 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\HelpAssistant\defogger_reenable
[2010/06/08 00:57:01 | 000,284,915 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\gmer.zip
[2010/06/08 00:49:04 | 000,525,824 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\dds.scr
[2010/06/08 00:46:44 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Tristan\defogger_reenable
[2010/06/08 00:45:30 | 000,050,477 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\Defogger.exe
[2010/06/07 12:41:09 | 000,004,208 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\Document999999999999.rtf
[2010/06/06 13:27:24 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\HelpAssistant\ntuser.ini
[2010/06/06 13:27:23 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\HelpAssistant\ntuser.dat.LOG
[2010/06/06 13:27:22 | 005,951,488 | -H-- | C] () -- E:\Documents and Settings\HelpAssistant\NTUSER.DAT
[2010/06/06 00:47:47 | 000,363,520 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\rkill.scr
[2010/06/05 18:24:43 | 000,054,016 | ---- | C] () -- E:\WINDOWS\System32\drivers\yrspnyti.sys
[2010/06/05 01:49:47 | 000,050,981 | ---- | C] () -- E:\WINDOWS\System32\ljwdloyydha.exe
[2010/06/05 01:49:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\System32\drivers\mioolnf.sys
[2010/05/24 12:31:20 | 000,040,633 | ---- | C] () -- E:\WINDOWS\System32\bmglwjwz.exe
[2010/05/24 03:49:09 | 002,077,696 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\yung kid.avi
[2010/05/24 03:43:18 | 011,146,240 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\hotNsexy.avi
[2010/05/24 03:08:57 | 019,457,024 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\444444444.avi
[2010/05/20 23:27:42 | 000,027,154 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\5.jpg
[2010/05/11 20:59:53 | 000,217,088 | ---- | C] () -- E:\WINDOWS\System32\qtmlClient.dll
[2010/03/05 14:25:42 | 000,014,874 | -HS- | C] () -- E:\Documents and Settings\Tristan\Local Settings\Application Data\Sw85MiA
[2009/12/15 02:30:45 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\Administrator\ntuser.ini
[2009/12/15 02:30:43 | 000,061,440 | -H-- | C] () -- E:\Documents and Settings\Administrator\ntuser.dat.LOG
[2009/12/15 02:30:42 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\Administrator\NTUSER.DAT
[2009/12/02 13:02:50 | 001,632,887 | ---- | C] () -- E:\WINDOWS\System32\ffmpegmt.dll
[2009/12/02 12:56:10 | 004,840,081 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll
[2009/11/04 14:45:44 | 000,611,638 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll
[2009/11/04 14:43:20 | 000,324,096 | ---- | C] () -- E:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/11/03 16:11:22 | 000,113,152 | ---- | C] () -- E:\WINDOWS\System32\ff_unrar.dll
[2009/11/03 16:11:00 | 000,146,944 | ---- | C] () -- E:\WINDOWS\System32\ff_tremor.dll
[2009/11/03 16:10:42 | 000,183,296 | ---- | C] () -- E:\WINDOWS\System32\ff_samplerate.dll
[2009/11/03 16:09:18 | 000,178,688 | ---- | C] () -- E:\WINDOWS\System32\ff_libmad.dll
[2009/11/03 16:08:58 | 000,484,864 | ---- | C] () -- E:\WINDOWS\System32\ff_libfaad2.dll
[2009/11/03 16:08:12 | 000,257,024 | ---- | C] () -- E:\WINDOWS\System32\ff_libdts.dll
[2009/11/03 16:07:16 | 000,142,848 | ---- | C] () -- E:\WINDOWS\System32\ff_liba52.dll
[2009/11/03 15:36:06 | 000,145,408 | ---- | C] () -- E:\WINDOWS\System32\libmpeg2_ff.dll
[2009/11/03 15:34:56 | 000,100,864 | ---- | C] () -- E:\WINDOWS\System32\ff_wmv9.dll
[2009/11/03 15:34:38 | 000,085,504 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2009/11/03 14:07:24 | 000,895,308 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2009/11/03 14:05:02 | 000,957,047 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll
[2009/10/27 18:46:26 | 000,248,320 | ---- | C] () -- E:\WINDOWS\System32\ff_kernelDeint.dll
[2009/06/29 16:17:45 | 000,438,272 | ---- | C] () -- E:\WINDOWS\System32\RaCoInst.dll
[2009/06/11 18:29:50 | 000,041,808 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll
[2009/05/09 16:59:08 | 000,053,693 | ---- | C] () -- E:\WINDOWS\UNDPX2K.sys
[2009/05/09 02:23:13 | 000,190,976 | ---- | C] () -- E:\Documents and Settings\Tristan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/08 23:26:03 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\Tristan\ntuser.dat.LOG
[2009/05/08 23:26:03 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\Tristan\ntuser.ini
[2009/05/08 23:26:02 | 006,029,312 | -H-- | C] () -- E:\Documents and Settings\Tristan\NTUSER.DAT
[2009/05/08 23:24:58 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\LocalService\ntuser.dat.LOG
[2009/05/08 23:24:58 | 000,000,020 | -HS- | C] () -- E:\Documents and Settings\LocalService\ntuser.ini
[2009/05/08 23:24:57 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2009/05/08 23:23:24 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\NetworkService\ntuser.ini
[2009/05/08 23:23:23 | 000,225,280 | -H-- | C] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2009/05/08 23:23:23 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- E:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- E:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- E:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- E:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- E:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- E:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- E:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- E:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- E:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- E:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- E:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- E:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- E:\WINDOWS\System32\dtu100.dll.manifest
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- E:\WINDOWS\System32\pthreadVC.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- E:\WINDOWS\System32\Registration.ini
[2004/08/04 00:56:38 | 000,022,154 | ---- | C] () -- E:\WINDOWS\msvideo.dll
[2004/07/17 11:36:38 | 000,027,440 | ---- | C] () -- E:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2010/06/11 19:24:40 | 000,000,262 | ---- | M] () -- E:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\tasks\*.job >
[2009/06/12 11:04:02 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/11 19:24:40 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\WGASetup.job

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CLASSPNP.SYS >
[2004/08/03 23:14:28 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- E:\WINDOWS\system32\dllcache\classpnp.sys
[2004/08/03 23:14:28 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- E:\WINDOWS\system32\drivers\classpnp.sys
[2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=FE47DD8FE6D7768FF94EBEC6C74B2719 -- E:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\classpnp.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- E:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- E:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\disk.sys

< MD5 for: KBDCLASS.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:kbdclass.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=463C1EC80CD17420A542B7F36A36F128 -- E:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kbdclass.sys
[2004/08/03 22:58:34 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=EBDEE8A2EE5393890A1ACEE971C4C246 -- E:\WINDOWS\system32\drivers\kbdclass.sys

< %systemroot%\*. /mp /s >
< End of report >


#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:10:10 AM

Posted 14 June 2010 - 05:19 PM

This is the log we wanted.

Note: Changing the drive letter is not permanent. It works as long as you remain booted. If you shut down and reboot with the boot CD, you have to change the drive letter to E again; otherwise the fix that we are going to apply won't work.

We are going to do the fix in 2 steps. If step 1 works, we will do the rest after you are able to boot. Otherwise we will have to do the second fix in the live environment as well.
  1. On the working computer:
    Insert your flash drive.
    Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    CODE
    :services
    NPF
    mioolnf
    {7FEEFE1B-9022-43F5-92030D3AB2C74D54}
    {47522A72-96A9-4B8D-B97189E0BE427161}
    :files
    E:\WINDOWS\System32\drivers\yrspnyti.sys
    E:\WINDOWS\System32\ljwdloyydha.exe
    E:\WINDOWS\System32\bmglwjwz.exe
    E:\WINDOWS\system32\drivers\mioolnf.sys
    E:\WINDOWS\system32\drivers\npf.sys
    :otl
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab  (Reg Error: Key error.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
    O20 - AppInit_DLLs: (E:\WINDOWS\system32\curslib.dll) - E:\WINDOWS\System32\curslib.dll File not found

    • Go to the File menu at the top of Notepad and select Save as.
    • Select save in: Flash drive
    • Fill in File name: fix.txt
    • Click save.
    • Close Notepad.
    • Take out your flash drive and insert it into the problem computer.
    • Open OTLPE. Click Yes and OK to the prompts.
    • Double-click on the My Computer icon on the desktop and open your flash drive.
    • Copy the content of fix.txt and paste it into the Custom Scans/Fixes area and press Run Fix.
      Alternatively, you can right-click fix.txt and click Copy, return to the desktop and paste it there. Now drag fix.txt to the Custom Scans/Fixes area and OTLPE starts to run automatically.
    • A Notepad window opens; save the content to the flash drive so you can copy and paste it into your reply.

  2. Shut down the computer, remove the CD and let the computer boot. Tell me how far it went if it didn't boot.
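
A triage pass over the OTL file listing in this thread, as an added example that is not part of Farbar's reply or of OTL itself: it parses the log's line format and lists binaries under System32 that carry no company name and are dated within the 30 days before the scan. The heuristic, the function names and the scan date of 14 June 2010 are assumptions; the sample lines are copied from the log above, and the output is a shortlist for a human reviewer, not a verdict.

```python
import re
from datetime import datetime, timedelta

# OTL listing line: [date time | size | attrs | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"\((.*?)\) -- (.+)$"
)
BINARY_EXT = (".sys", ".exe", ".dll")

# Sample lines copied from the OTL log in this thread.
SAMPLE = r"""
[2010/05/24 02:09:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\vfwwdm32.dll
[2010/06/11 16:21:36 | 009,685,120 | ---- | C] () -- E:\Documents and Settings\Tristan\Desktop\Rose_Colored_Glasses.mp3
[2010/06/08 19:40:00 | 000,013,440 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2010/06/08 14:18:20 | 1071,788,032 | -HS- | C] () -- E:\hiberfil.sys
[2010/06/05 18:24:43 | 000,054,016 | ---- | C] () -- E:\WINDOWS\System32\drivers\yrspnyti.sys
[2010/06/05 01:49:47 | 000,050,981 | ---- | C] () -- E:\WINDOWS\System32\ljwdloyydha.exe
[2010/06/05 01:49:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\System32\drivers\mioolnf.sys
[2010/05/24 12:31:20 | 000,040,633 | ---- | C] () -- E:\WINDOWS\System32\bmglwjwz.exe
[2009/11/03 14:05:02 | 000,957,047 | ---- | C] () -- E:\WINDOWS\System32\ff_x264.dll
"""

def parse(line):
    """Turn one listing line into a dict, or None if it is not a file entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stamp, size, _attrs, _kind, company, path = m.groups()
    return {"time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
            "size": int(size.replace(",", "")), "company": company.strip(), "path": path}

def triage(text, scan_time, days=30):
    """Return (path, reasons) for recent System32 binaries with no company name."""
    cutoff = scan_time - timedelta(days=days)
    hits = []
    for line in text.splitlines():
        e = parse(line)
        if e is None or e["company"]:
            continue  # not a file entry, or a vendor string is present
        p = e["path"].lower()
        in_scope = "\\windows\\system32\\" in p and p.endswith(BINARY_EXT)
        if not in_scope or e["time"] < cutoff:
            continue
        reasons = ["no company name", "recent"]
        if e["size"] == 0:
            reasons.append("zero-length")
        if "\\drivers\\" in p:
            reasons.append("driver directory")
        hits.append((e["path"], reasons))
    return hits

if __name__ == "__main__":
    print(*triage(SAMPLE, datetime(2010, 6, 14)), sep="\n")
```

A missing company name only means the file has no version-info vendor string, which is also true of the older codec DLLs in the same listing, so the date window is what keeps the shortlist small.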




