Missing XP Boot.ini and Combofix msg "Boot partition cannot be enumerated"


  • This topic is locked
19 replies to this topic

#1 kangenguru

kangenguru

  • Members
  • 14 posts

Posted 21 June 2010 - 05:19 PM

My laptop that is running on Windows XP SP 3 crashes randomly. On reboot, I see a Missing Boot.ini message. I have run other anti-virus programs including Malwarebytes, Avast, and SpyBot Search and Destroy - but could not find the problem.

Previously, I had a similar problem and I was able to get the fix using ComboFix - however, this time ComboFix is returning a message saying "Boot Partition cannot be properly enumerated." ComboFix also is trying to reinstall the Windows Recovery Console but it does not succeed.

I have attached the ComboFix.txt file.

I have run the DDS.scr and the results are attached. I tried running GMER.exe, however, my system freezes - so I do not have the GMER scan results.

There is a thread elsewhere that was started by finalera - but I am not sure if this is the same issue. My drive did not really "crash" because I can always reboot and be working on it for a while - until the laptop randomly turns off without warning.

Please advise.

I just wanted to update you on this - I manually created the boot.ini file. To my surprise, however, after I rebooted the machine, the boot.ini was missing again. The malware deleted a fresh new boot.ini file.
If you have had a similar experience and were able to resolve your viral infection, please let me know or at least point me to the proper thread or info.

Thanks for looking at this info.

Adrian

Merged posts. ~ OB

Edited by Orange Blossom, 24 June 2010 - 04:20 PM.



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 June 2010 - 06:02 PM

Hi kangenguru,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer.

#3 kangenguru

Posted 27 June 2010 - 07:46 PM

Hi Farbar,

Thank you for taking on this issue. I am able to keep my laptop working for much longer now after I cleaned the fan, and it has not crashed since then.

However, my BOOT.INI file is deleted by some process. I still suspect I have a virus or trojan because of the boot.ini issue.

Also, my firefox browser still gets frequent NOT RESPONDING status and crashes.

The last time I ran combofix - after the fan cleaning - I still cannot install the recovery console and I still get the message "Boot Partition cannot be enumerated".

Please advise the next steps.


#4 Farbar

Posted 27 June 2010 - 08:11 PM

Thanks for the feedback.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  1. I see in the log that Ask Toolbar is installed on your computer.

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    In this case we have to remove the software to make sure the missing boot.ini is not related to this software.

    To uninstall Ask Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please double-click the "Add or Remove Programs" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    Ask Toolbar or Vuze toolbar

    Also remove the folder in bold (if present) only after uninstalling Ask Toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  2. Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


#5 kangenguru

Posted 27 June 2010 - 11:33 PM

I removed the file sharing app and Ask toolbar.

This is the OTL.txt:

OTL logfile created on: 6/27/2010 9:22:45 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 49.10 Gb Free Space | 21.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-F7E3057B
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/27 19:52:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/25 12:26:14 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/25 12:25:53 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/25 12:25:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/25 12:22:14 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/25 12:21:46 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/24 15:28:55 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/24 14:22:20 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/21 22:19:36 | 000,507,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\temp\RtkBtMnt.exe
PRC - [2010/05/17 13:14:12 | 002,345,680 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/04/26 16:52:30 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/30 16:26:40 | 003,036,424 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Jing\Jing.exe
PRC - [2010/02/19 11:13:01 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe
PRC - [2010/02/19 11:13:01 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mlauncher.exe
PRC - [2010/02/19 11:13:01 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\452\g2mcomm.exe
PRC - [2009/09/30 15:32:14 | 000,079,568 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\syncappw.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/26 05:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/09/03 19:11:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/08/24 13:09:10 | 000,028,672 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/07/08 13:31:24 | 000,236,016 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2009/07/08 13:29:34 | 000,018,416 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/14 03:35:22 | 000,037,656 | ---- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/11/28 18:43:36 | 000,754,712 | ---- | M] () -- C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
PRC - [2006/11/28 18:38:18 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/10/31 01:06:20 | 000,304,664 | ---- | M] (Acer Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/10/20 09:33:46 | 000,176,128 | ---- | M] (CardScan, Inc.) -- C:\Program Files\CardScan\CardScan\CardScanAgent.exe
PRC - [2000/02/15 14:03:56 | 000,118,784 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
PRC - [1999/12/02 17:55:32 | 000,065,024 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtmngr.exe


========== Modules (SafeList) ==========

MOD - [2010/06/27 19:52:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/09/30 15:11:50 | 000,042,496 | ---- | M] () -- C:\Program Files\Allway Sync\Bin\SyncHook.dll
MOD - [2009/08/07 23:51:14 | 005,812,560 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/11/14 03:34:40 | 000,107,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mindjet\MindManager 8\msscript.ocx
MOD - [2008/07/25 11:16:58 | 000,018,936 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
MOD - [2008/04/13 17:11:59 | 002,843,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/24 14:22:20 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/26 16:52:30 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/03 19:11:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/24 13:22:28 | 000,081,920 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/02/08 07:41:12 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/28 18:41:54 | 000,101,152 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - [2010/06/25 12:25:57 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/25 12:25:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/24 14:24:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/28 10:59:20 | 002,210,816 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/13 00:34:00 | 006,807,744 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/01/30 10:12:06 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/28 18:39:14 | 001,962,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/11/28 18:36:12 | 000,847,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/03/03 12:52:30 | 000,192,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.digsby.com
IE - HKU\S-1-5-21-1757981266-73586283-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1757981266-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {cbafdacb-a320-4294-9516-494f93d5d1b3}:1.0.6
FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}:1.1.6
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.2
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.95
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/25 19:08:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/24 14:24:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 15:29:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 15:29:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/24 16:13:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/02/27 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/02/27 22:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/06/27 17:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions
[2010/05/04 09:45:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/07 12:50:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/12/07 12:50:30 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/05/04 09:45:26 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010/05/05 19:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/05/13 17:37:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/07 23:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2010/04/23 16:10:46 | 000,000,000 | ---D | M] (Digsby Donates) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{cbafdacb-a320-4294-9516-494f93d5d1b3}
[2010/05/29 12:07:41 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/14 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2010/05/13 17:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\rankchecker@seobook.com
[2009/08/22 15:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\secureLogin@blueimp.net
[2010/06/11 18:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\smarterwiki@wikiatic.com
[2010/06/11 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\extensions\video.downloader.plugin@ffpimp.com
[2009/08/22 15:23:03 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\zp5hxfiq.default\searchplugins\thesaurus---referencecom.xml
[2010/06/26 13:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/09 22:02:07 | 000,028,472 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2010/02/09 22:02:07 | 000,185,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2010/02/09 22:02:44 | 000,099,208 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/02/09 22:02:06 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/06/24 08:29:33 | 000,407,846 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 14129 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AcerOrbicamRibbon] C:\Program Files\Acer\OrbiCam10\OrbiCam.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CardScanAgent] C:\Program Files\CardScan\CardScan\CardScanAgent.exe (CardScan, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SkyTel] C:\windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [cdloader] C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\452\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [Jing] C:\Program Files\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files\Digsby\digsby.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1757981266-73586283-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/27 19:52:38 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/24 15:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2010/06/24 14:24:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/06/24 14:24:24 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/06/24 14:24:21 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/06/24 14:24:14 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/06/24 14:24:14 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2010/06/24 14:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/06/24 12:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/24 12:12:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/24 09:35:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/24 09:19:55 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/06/21 15:52:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/06/12 09:51:37 | 000,000,000 | ---D | C] -- C:\windows\setup.pss
[2010/06/12 09:51:02 | 000,000,000 | ---D | C] -- C:\windows\setupupd
[2010/06/11 21:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/11 21:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/11 05:48:03 | 000,000,000 | -HSD | C] -- C:\windows\CSC
[2010/06/10 01:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MemeoCommon
[2010/06/10 01:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/06/10 01:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Memeo
[2010/06/10 01:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2010/06/10 01:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\temp
[2010/06/08 12:03:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2010/06/03 21:28:01 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/06/03 20:09:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/06/03 20:09:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/06/03 20:09:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/06/03 20:07:57 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/06/03 20:05:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/01 13:06:44 | 000,000,000 | ---D | C] -- C:\Program Files\Keyword Research Pro
[8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/27 20:45:19 | 003,154,671 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet_Marketing___Keyword_Tool.mp4
[2010/06/27 20:21:01 | 015,990,784 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/27 19:52:40 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/27 17:35:09 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2010/06/27 17:34:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/06/27 17:10:13 | 061,441,338 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/06/27 17:06:49 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/06/27 17:06:21 | 000,001,890 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/06/27 17:03:12 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/27 17:03:08 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/26 15:05:20 | 028,473,070 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/26 14:29:07 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/06/26 00:11:26 | 000,000,523 | ---- | M] () -- C:\windows\BRWMARK.INI
[2010/06/26 00:10:47 | 000,006,657 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml
[2010/06/25 18:07:32 | 050,901,890 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LISA_DIANE-System.flv
[2010/06/25 15:30:44 | 000,432,374 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2010-06-25_1529-JeffWalkerPLF_Colors.png
[2010/06/25 12:25:57 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2010/06/25 12:25:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2010/06/24 14:25:05 | 000,113,461 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/06/24 14:24:32 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/24 14:24:30 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2010/06/24 14:24:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2010/06/24 13:01:04 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2010/06/24 10:07:29 | 000,558,694 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/24 10:07:29 | 000,482,536 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/24 10:07:29 | 000,085,840 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/24 09:12:32 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
[2010/06/24 08:50:56 | 000,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2010/06/24 08:29:33 | 000,407,846 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/06/20 11:02:35 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mindjet MindManager 8.lnk
[2010/06/19 17:57:03 | 000,403,658 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100624-082933.backup
[2010/06/18 19:02:36 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/17 15:21:28 | 000,001,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\magicJack.lnk
[2010/06/17 11:28:26 | 013,771,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Can_Water_Change_Your____Life__-_cbs2_com.flv
[2010/06/12 12:17:25 | 010,950,727 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sneaky_Simple_Solution.mp4
[2010/06/12 01:24:30 | 000,403,658 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100619-175702.backup
[2010/06/11 21:26:02 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/11 21:26:02 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/06/10 01:02:15 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Memeo Backup.lnk
[2010/06/09 13:08:00 | 001,858,400 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/09 01:29:50 | 000,001,355 | ---- | M] () -- C:\windows\imsins.BAK
[2010/06/08 00:17:35 | 000,000,053 | ---- | M] () -- C:\windows\ArticleAssistant.ini
[2010/06/07 23:33:54 | 000,000,023 | ---- | M] () -- C:\windows\ovas.ini
[2010/06/06 14:56:02 | 004,519,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Experience___Brave_The_Wave.mp4
[2010/06/05 14:34:59 | 000,168,280 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/03 22:29:25 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20100612-012430.backup
[2010/06/01 23:01:48 | 000,489,077 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookmarks.html
[2010/06/01 21:57:24 | 052,348,820 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Created_by_Camtasia_Studio_6-1.mp4
[2010/06/01 17:33:35 | 000,168,280 | ---- | M] () -- C:\windows\System32\GDIPFONTCACHEV1.DAT
[2010/06/01 13:06:45 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Keyword Research Pro.lnk
[2010/05/30 20:42:58 | 007,003,068 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-4.flv
[2010/05/30 20:38:47 | 001,174,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-3.flv
[2010/05/30 20:37:47 | 001,647,435 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-2.flv
[2010/05/30 20:37:39 | 001,442,246 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-1.flv
[2010/05/30 20:37:34 | 001,647,002 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine.flv
[2010/05/29 17:51:55 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2010/05/29 16:56:27 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[8 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/27 20:45:17 | 003,154,671 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet_Marketing___Keyword_Tool.mp4
[2010/06/25 18:34:15 | 000,336,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/25 18:02:51 | 050,901,890 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LISA_DIANE-System.flv
[2010/06/25 15:30:42 | 000,432,374 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2010-06-25_1529-JeffWalkerPLF_Colors.png
[2010/06/25 03:48:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/06/24 14:25:03 | 000,113,461 | ---- | C] () -- C:\windows\System32\drivers\Avg\iavichjw.avm
[2010/06/24 14:24:32 | 061,441,338 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2010/06/24 14:24:32 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/06/17 11:28:20 | 013,771,076 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Can_Water_Change_Your____Life__-_cbs2_com.flv
[2010/06/12 12:17:23 | 010,950,727 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sneaky_Simple_Solution.mp4
[2010/06/11 21:26:02 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/11 21:26:02 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/06/10 01:02:15 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Memeo Backup.lnk
[2010/06/07 23:33:54 | 000,000,023 | ---- | C] () -- C:\windows\ovas.ini
[2010/06/06 14:56:00 | 004,519,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Experience___Brave_The_Wave.mp4
[2010/06/03 20:09:17 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/06/03 20:09:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/06/03 20:09:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/06/03 20:09:17 | 000,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2010/06/03 20:09:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/06/01 23:01:47 | 000,489,077 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookmarks.html
[2010/06/01 21:53:52 | 052,348,820 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Created_by_Camtasia_Studio_6-1.mp4
[2010/06/01 13:06:45 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Keyword Research Pro.lnk
[2010/05/30 20:42:55 | 007,003,068 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-4.flv
[2010/05/30 20:38:42 | 001,174,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-3.flv
[2010/05/30 20:37:44 | 001,647,435 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-2.flv
[2010/05/30 20:37:37 | 001,442,246 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine-1.flv
[2010/05/30 20:37:32 | 001,647,002 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\-_Irvine_Chiropractor_-_Choose_the_Best_Chiropractor_in_Irvine.flv
[2010/02/24 10:32:27 | 000,000,028 | ---- | C] () -- C:\windows\ICOA.INI
[2010/02/24 10:32:19 | 000,000,000 | ---- | C] () -- C:\windows\QFN.ini
[2010/02/24 10:32:19 | 000,000,000 | ---- | C] () -- C:\windows\QDQICK.ini
[2010/02/12 11:06:32 | 000,000,064 | ---- | C] () -- C:\windows\QBWCD.INI
[2009/12/10 22:14:32 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2009/11/30 10:28:12 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.INI
[2009/11/28 22:04:57 | 000,164,352 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/11/28 22:04:53 | 000,755,027 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/11/28 22:04:53 | 000,159,839 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/11/28 22:04:52 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/11/28 22:04:51 | 000,007,680 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/11/28 22:04:51 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2009/09/26 01:03:26 | 000,000,754 | ---- | C] () -- C:\windows\WORDPAD.INI
[2009/09/08 00:00:34 | 000,000,053 | ---- | C] () -- C:\windows\ArticleAssistant.ini
[2009/09/07 20:05:43 | 000,000,114 | ---- | C] () -- C:\windows\aasinst.ini
[2009/09/05 10:48:03 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2009/09/05 10:48:03 | 000,001,025 | ---- | C] () -- C:\windows\System32\clauth2.dll
[2009/09/05 10:48:03 | 000,001,025 | ---- | C] () -- C:\windows\System32\clauth1.dll
[2009/09/05 10:48:03 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2009/09/05 10:48:03 | 000,000,073 | ---- | C] () -- C:\windows\System32\ssprs.dll
[2009/09/03 20:21:41 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2009/09/03 19:22:58 | 002,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll
[2009/09/01 21:54:55 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/08/30 10:07:54 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2009/08/23 17:25:44 | 000,000,148 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2009/08/23 17:25:44 | 000,000,023 | ---- | C] () -- C:\windows\Brownie.ini
[2009/08/23 17:25:44 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2009/08/23 17:25:17 | 000,000,523 | ---- | C] () -- C:\windows\BRWMARK.INI
[2009/08/23 17:25:17 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2009/08/23 17:25:14 | 000,020,605 | ---- | C] () -- C:\windows\HL-4070CDW.INI
[2009/08/23 17:25:01 | 000,045,056 | ---- | C] () -- C:\windows\System32\BRTCPCON.DLL
[2009/08/23 17:25:00 | 000,000,114 | ---- | C] () -- C:\windows\System32\BRLMW03A.INI
[2009/08/21 17:21:21 | 000,042,594 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2009/08/21 17:11:14 | 000,356,352 | ---- | C] () -- C:\windows\EMCRI.dll
[2009/08/21 16:40:34 | 000,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2009/08/21 12:01:11 | 001,703,936 | R--- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2009/08/21 12:01:11 | 001,019,904 | R--- | C] () -- C:\windows\System32\nvwimg.dll
[2009/08/21 12:01:10 | 001,474,560 | R--- | C] () -- C:\windows\System32\nview.dll
[2009/08/21 12:01:10 | 000,466,944 | R--- | C] () -- C:\windows\System32\nvshell.dll
[2009/08/21 12:00:27 | 000,286,720 | R--- | C] () -- C:\windows\System32\nvnt4cpl.dll
[2009/04/26 21:13:36 | 000,000,314 | ---- | C] () -- C:\windows\primopdf.ini
[2008/08/19 18:35:28 | 000,005,994 | ---- | C] () -- C:\windows\UN080717.INI
[2003/09/17 13:00:56 | 000,266,327 | ---- | C] () -- C:\windows\System32\ADErrorHandling.dll
< End of report >

=================================================================================================

OTL Extras logfile created on: 6/27/2010 9:22:45 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 52.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 49.10 Gb Free Space | 21.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADRIAN-F7E3057B
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{018E037F-AD60-4632-AAF7-688A4B26BD0D}" = KeywordCorral
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1BB744F5-793A-4F94-A019-4EFD792370B8}" = BlogBot
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30F9800A-02C1-4B3A-B6D5-BA62601E4DDD}" = VZAccess Manager
"{333C4807-989C-46BD-899F-7C4D60B240F1}" = CardScan 8.0.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49E5F021-4DA5-41A3-A893-0A9564D30264}" = Jing
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{565BA335-F3D6-466F-9AF8-B4A69A7F1300}" = ACT! by Sage Premium 2010
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{82B2DB92-98CA-4a0e-B1BD-18B6E2D320CB}" = Memeo Backup
"{83145333-0275-76F2-C960-70438E54EF35}" = TweetGlide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Lite version: 1.1.1.846
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
"{A2A81B39-5186-48CA-92C3-5C7978870BF4}" = CommentKahuna
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E791A7-8FB2-FF3C-C821-FECB09E2A8F5}" = Hummingbird
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6BB6935-5F1E-4A89-8F08-C71A5E18D914}" = Tweet Adder 2010
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3A45A83-5759-4571-904E-2D75ED148CAE}" = Keyword Research Pro
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{D980FF5B-AC29-44DE-B0EF-5AFD964965D7}" = RSSBot
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCD10C48-33FB-474D-8848-86E57358BE5A}" = Brother HL-4070CDW
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"Allway Sync_is1" = Allway Sync version 9.4.1
"Article Assistant" = Article Assistant
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1" = Hummingbird
"Digsby" = Digsby
"ExtractNow_is1" = ExtractNow
"FileZilla Client" = FileZilla Client 3.3.2.1
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GIF Animator" = Microsoft GIF Animator
"GoldMine 6.0" = GoldMine 6.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{565BA335-F3D6-466F-9AF8-B4A69A7F1300}" = ACT! by Sage Premium 2010
"InstallShield_{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}" = DesignPro 5.0 Media Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"Niches In A Box Installer_is1" = Niches In A Box Installer v1.0
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"PHP Page Generator_is1" = PHP Page Generator v 0.2.0
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Push Button PL Article Site Builder 1.4" = Push Button PL Article Site Builder 1.4
"QuickBooks 2000" = QuickBooks Pro 2000
"seopowersuite" = SEO PowerSuite
"Site Profit Bot 1.4" = Site Profit Bot 1.4
"Site Profit Bot 1.5" = Site Profit Bot 1.5
"SUPER " = SUPER Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2009" = TurboTax 2009
"TweetGlide.BE0E4AC477CC6DB20726B09FD02F21AC0D0A649D.1" = TweetGlide
"UN080717" = BUFFALO HD-CELU2 Connection Tool
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebShot_is1" = WebShot
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2010 3:16:27 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17204
Description = FCB::Open failed: Could not open file C:\DATA\ACT\Databases\KANGENDOORDIE.ADF
for file number 1. OS error: 2(The system cannot find the file specified.).

Error - 6/25/2010 3:16:28 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot
find the file specified.) occurred while creating or opening file 'C:\DATA\ACT\Databases\KANGENDOORDIE.ALF'.
Diagnose and correct the operating system error, and retry the operation.

Error - 6/25/2010 10:09:13 PM | Computer Name = ADRIAN-F7E3057B | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/25/2010 10:10:41 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17207
Description = FCB::Open: Operating system error 2(The system cannot find the file
specified.) occurred while creating or opening file 'C:\DATA\ACT\Databases\KANGENDOORDIE.ADF'.
Diagnose and correct the operating system error, and retry the operation.

Error - 6/25/2010 10:10:41 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17204
Description = FCB::Open failed: Could not open file C:\DATA\ACT\Databases\KANGENDOORDIE.ADF
for file number 1. OS error: 2(The system cannot find the file specified.).

Error - 6/25/2010 10:10:42 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot
find the file specified.) occurred while creating or opening file 'C:\DATA\ACT\Databases\KANGENDOORDIE.ALF'.
Diagnose and correct the operating system error, and retry the operation.

Error - 6/26/2010 4:17:05 PM | Computer Name = ADRIAN-F7E3057B | Source = ACT! Scheduler | ID = 0
Description = Service cannot be started. System.Exception: Unable to start scheduler
service. Missing server configuration information. at Act.Scheduler.SchedulerService.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 6/26/2010 4:17:22 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17207
Description = FCB::Open: Operating system error 2(The system cannot find the file
specified.) occurred while creating or opening file 'C:\DATA\ACT\Databases\KANGENDOORDIE.ADF'.
Diagnose and correct the operating system error, and retry the operation.

Error - 6/26/2010 4:17:22 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17204
Description = FCB::Open failed: Could not open file C:\DATA\ACT\Databases\KANGENDOORDIE.ADF
for file number 1. OS error: 2(The system cannot find the file specified.).

Error - 6/26/2010 4:17:22 PM | Computer Name = ADRIAN-F7E3057B | Source = MSSQL$ACT7 | ID = 17207
Description = FileMgr::StartLogFiles: Operating system error 2(The system cannot
find the file specified.) occurred while creating or opening file 'C:\DATA\ACT\Databases\KANGENDOORDIE.ALF'.
Diagnose and correct the operating system error, and retry the operation.

[ System Events ]
Error - 6/24/2010 12:41:23 PM | Computer Name = ADRIAN-F7E3057B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 6/24/2010 12:42:30 PM | Computer Name = ADRIAN-F7E3057B | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/24/2010 12:56:16 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/24/2010 1:43:54 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/24/2010 2:39:54 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/24/2010 3:17:59 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/25/2010 3:17:36 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/25/2010 10:11:11 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/26/2010 4:17:47 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 6/27/2010 8:05:15 PM | Computer Name = ADRIAN-F7E3057B | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >



#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:04 PM

Posted 28 June 2010 - 02:10 AM

  1. You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    1. First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup
      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
    2. Then download ResetTeaTimer.exe to your desktop.
      • Doubleclick ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.

  2. Please go to Add/Remove programs and uninstall the following rogue program (see here):

    Advanced SystemCare 3


  3. Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      CODE
      :files
      C:\Program Files\IObit

      :otl
      O4 - HKU\S-1-5-21-1757981266-73586283-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)

      :Commands
      [emptytemp]

    • Click Run Fix button.
    • If the fix needed a reboot please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.

  4. Tell me if you have a Windows install CD. We need to rebuild the boot.ini file.


#7 kangenguru

Posted 28 June 2010 - 03:30 AM

Just a quick info - I do not have a Windows CD. My Acer laptop came with an installed image file. I had also ordered a CD from Acer but it was not a Windows disk but an image disk. I have another Dell Laptop with a Windows CD but that does not work on my Acer. When I tried using the Dell CD to load the Windows Recovery Console on my Acer laptop, there was an error regarding the version of the CD.

I will let you know of the progress of the Spybot SD and IOBit removal.

#8 Farbar

Posted 28 June 2010 - 04:20 AM

Okay, then we will rebuild boot.ini without the Windows CD. Let me know when you are done with those steps.

#9 kangenguru

Posted 29 June 2010 - 03:13 AM

Here is the OTL log:


All processes killed
========== FILES ==========
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\White folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin\Black folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update\Skin folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3\Update folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 3 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1757981266-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 3 not found.
File C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 29793534 bytes
->Flash cache emptied: 42025 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 577079 bytes

User: Owner
->Temp folder emptied: 182122528 bytes
->Temporary Internet Files folder emptied: 22036561 bytes
->Java cache emptied: 10680337 bytes
->FireFox cache emptied: 58682595 bytes
->Flash cache emptied: 17208 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2286687 bytes
%systemroot%\System32 .tmp files removed: 4086289 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 235280 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15242332 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 463287398 bytes

Total Files Cleaned = 753.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 06292010_005715

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#10 Farbar

Posted 29 June 2010 - 03:23 AM

If you could stay on line to do this part it would be good.

Please be careful, follow the instruction as it is and don't reboot until we are finished with this part.
  1. Please set your system to show all files:
    • Click Start, open Computer, select the Tools menu and click Folder Options.
    • Select the View Tab. Under the Hidden files and folders heading, check Show hidden files and folders.
    • Uncheck: Hide file extensions for known file types
    • Uncheck: Hide protected operating system files (recommended) option.
    • Click Yes to confirm.

  2. Open a Notepad, copy and paste the text in the code box into it:
      CODE
      [boot loader]
      timeout=30
      [operating systems]
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
      scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
      scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
      scsi(0)disk(0)rdisk(1)partition(1)\WINDOWS=5 /fastdetect
      scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: Local Disk (C:)
    • Fill in File name: boot.ini
    • Save as type: All file types (*.*)
    • Click save.

  3. Go to start > Run copy/paste the following line in the run box and click OK.

    notepad c:\boot.ini

    A text file will open. Please post its content to your reply. It is important that you do not reboot the system until I've reviewed that log.

Edited by farbar, 29 June 2010 - 03:32 AM.


#11 kangenguru

Posted 29 June 2010 - 03:33 AM

Output of log:


=================================

[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(1)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect

#12 Farbar

Posted 29 June 2010 - 03:37 AM

Well done.

Please print or write down or remember this instruction then reboot your system:
  • Upon reboot, you'll have 30 seconds to choose from the boot menu.
  • Use your arrow key and select 1 /fastdetect in the list and press Enter
  • Wait for it to boot Windows.
  • If you receive an error, click OK to restart the system.
  • Upon restart you will see the boot menu again. Arrow up to 2 /fastdetect and press Enter.
  • Wait for Windows to boot. If you receive an error message, same as before, click OK to restart.
  • Continue using the arrow key, going in succession from 3 /fastdetect, etc., one at a time, until Windows boots up.
  • Tell me which number worked for you.


#13 kangenguru

Posted 29 June 2010 - 04:22 AM

The first option 1 /fastdetect - worked the first time around! Also, I checked for the boot.ini file and it is still there.

Was not sure if I had to go through the rest 2 - 3 - 4 etc. I stopped at 1 since my Windows startup has a lot of applications and is so slow.

Edited by kangenguru, 29 June 2010 - 04:28 AM.


#14 Farbar

Posted 29 June 2010 - 04:27 AM

Great.

Right click the C:\boot.ini and rename it to boot.bak

Open Notepad and copy/paste the text in the quote box below, into that empty Notepad:

CODE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect



Save this as boot.ini directly on the C:\ drive.


Go to start > Run copy/paste the following line in the run box and click OK.

notepad c:\boot.ini

A text file will open. Please post its content to your reply. It is important that you do not reboot the system until I've reviewed that log.
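
An added example, not part of the thread and not Farbar's or OTL's code: a small Python checker for the trial boot.ini from post #10 and the final one from post #14. It maps the menu label the user reported back to its ARC path and flags a `default=` that matches no entry or a `/noexecute=alwaysoff` switch; the function names are hypothetical, and only the `multi()`/`scsi()` path forms used in this thread are recognised.

```python
import re

# The two boot.ini files quoted in this thread, embedded so this runs offline.
TRIAL = r"""[boot loader]
timeout=30
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=1 /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS=2 /fastdetect
scsi(0)disk(0)rdisk(0)partition(1)\WINDOWS=3 /fastdetect
scsi(0)disk(0)rdisk(0)partition(2)\WINDOWS=4 /fastdetect
scsi(0)disk(0)rdisk(1)partition(1)\WINDOWS=5 /fastdetect
scsi(0)disk(0)rdisk(1)partition(2)\WINDOWS=6 /fastdetect
"""

FINAL = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
"""

# ARC path forms used in the thread: multi()/scsi() controller, disk(), rdisk(),
# partition(), then the Windows directory. Other forms are reported, not parsed.
ARC_RE = re.compile(
    r"^(multi|scsi)\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.+)$",
    re.IGNORECASE,
)


def _parse_entry(path, rhs):
    """Split the right-hand side of an entry into menu label and switches."""
    if rhs.startswith('"'):
        label, _, rest = rhs[1:].partition('"')      # quoted menu text
    else:
        label, slash, rest = rhs.partition(" /")     # unquoted, e.g. 1 /fastdetect
        rest = slash.strip() + rest
    switches = {}
    for tok in rest.split():
        if tok.startswith("/"):
            name, _, val = tok[1:].partition("=")
            switches[name.lower()] = val.lower()
    return {"path": path, "label": label.strip(), "switches": switches}


def parse_boot_ini(text):
    """Return sections seen, timeout, default and the list of OS entries."""
    cfg = {"sections": [], "timeout": None, "default": None, "entries": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            cfg["sections"].append(section)
            continue
        key, _, value = line.partition("=")          # ARC paths contain no '='
        key, value = key.strip(), value.strip()
        if section == "boot loader" and key.lower() in ("timeout", "default"):
            cfg[key.lower()] = value
        elif section == "operating systems":
            cfg["entries"].append(_parse_entry(key, value))
    return cfg


def path_for_label(cfg, label):
    """ARC path behind a boot-menu label, e.g. the '1' the user reported."""
    for entry in cfg["entries"]:
        if entry["label"] == label:
            return entry["path"]
    return None


def check_boot_ini(cfg):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    for needed in ("boot loader", "operating systems"):
        if needed not in cfg["sections"]:
            findings.append(f"missing [{needed}] section")
    if cfg["timeout"] is None or not cfg["timeout"].isdigit():
        findings.append("timeout is missing or not a number")
    if not cfg["entries"]:
        findings.append("no entries under [operating systems]")
    paths = [e["path"].lower() for e in cfg["entries"]]
    if cfg["default"] is None:
        findings.append("no default= line in [boot loader]")
    elif cfg["default"].lower() not in paths:
        findings.append("default= does not match any [operating systems] entry")
    for e in cfg["entries"]:
        m = ARC_RE.match(e["path"])
        if not m:
            findings.append(f"unrecognised ARC path: {e['path']}")
            continue
        if int(m.group(5)) == 0:                     # partitions count from 1
            findings.append(f"partition(0) is not valid: {e['path']}")
        if m.group(1).lower() == "multi" and int(m.group(3)) != 0:
            findings.append(f"disk() must be 0 with multi(): {e['path']}")
        if e["switches"].get("noexecute") == "alwaysoff":
            findings.append(f"DEP disabled (/noexecute=alwaysoff): {e['label']}")
    return findings


if __name__ == "__main__":
    trial = parse_boot_ini(TRIAL)
    print("trial findings:", check_boot_ini(trial))
    print("menu entry '1' ->", path_for_label(trial, "1"))
    print("final findings:", check_boot_ini(parse_boot_ini(FINAL)))
```

Run against a copy of `C:\boot.ini` before rebooting, this catches the case where `default=` and the entry line were edited to different partitions.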



#15 kangenguru

Posted 29 June 2010 - 04:32 AM

Here is the result:

==========================

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect



