
BSOD a few seconds after windows starts


  • This topic is locked
36 replies to this topic

#1 gnomes31

gnomes31

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 22 August 2010 - 10:33 PM

BSOD happens a few seconds after Windows loads. I can still do safe mode and I went ahead and ran BlueScreenView.

Bear with me, it is my 14-year-old's laptop; what he may have done recently I cannot tell you for sure. Let's just assume all manner of stupid things a teenager would do.

Before this started happening we were having problems with drivers, mouse & audio. We would have to delete them and then restart Windows and then everything would seem fine.

Also a few weeks before this he had malware that I had to run rkill and then scanned with Malwarebytes. Again everything seemed to be fine, but the lil fool didn't believe me that it was the Xbox sites he was visiting, and clicking any message that would pop up, that was infecting his computer.

Most recently with the last infection he didn't tell me right away and it had already killed Norton. Again ran rkill, Malwarebytes, uninstalled Norton, reinstalled Norton, but then I come to where I'm stuck 'cause I can't get a successful restart of Windows 'cause of the BSOD. And when I do last known good config it loads the malware again. It also will not let me do System Restore.


Soooo here is the BlueScreenView info
Dump File : Mini082210-05.dmp
Crash Time : 8/22/2010 7:46:29 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 0x001902fe
Parameter 2 : 0xf794b954
Parameter 3 : 0xf794b650
Parameter 4 : 0xf1a27692
Caused By Driver : zibswvwl3.sys
Caused By Address : zibswvwl3.sys+edf0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini082210-05.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,752 posts
  • ONLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:37 PM

Posted 23 August 2010 - 05:41 AM

Well...the fingered file reflects no Google hits (other than yours) at all, which is not a good sign.

You also have a STOP 24 error, which can indicate a problem with either the file, the NTFS file system, or the hard drive. But your STOP 24 error doesn't match up with any other such error that I have seen. In those cases, the typical file seeming suspect is ntfs.sys.

For a person who seems to have infections frequently...I suggest being on the safe side and running your situation by our Malware Team. Thus, I will move this from XP to the Am I Infected forum for a closer look.

Louis
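
Added example (not part of the thread and not any poster's code): the two observations in the reply above, a STOP 0x24 blamed on something other than ntfs.sys and a blamed file nobody can identify, written as checks over BlueScreenView's "Key : Value" text. The first record is the one posted in #1; the second record, the separator line and the function names are constructed for illustration, and the empty version fields stand in for "no identity" since a web search cannot run offline.

```python
"""Triage BlueScreenView text records: flag crashes blamed on an unexpected,
unidentified driver. The checks are heuristics for escalation, not a verdict."""

# Version-resource fields BlueScreenView prints for the blamed module.
IDENTITY_FIELDS = ("File Description", "Product Name", "Company", "File Version")

# Module a bug check is normally attributed to. Only the pairing mentioned in
# the thread (STOP 0x24 -> ntfs.sys) is listed; extend it for other codes.
EXPECTED_MODULE = {"0x00000024": "ntfs.sys"}

# First record: as posted in #1 (shortened). Second record and the "====" line
# are constructed for comparison.
SAMPLE_REPORT = """\
Dump File : Mini082210-05.dmp
Crash Time : 8/22/2010 7:46:29 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Caused By Driver : zibswvwl3.sys
Caused By Address : zibswvwl3.sys+edf0
File Description :
Product Name :
Company :
File Version :
Full Path : C:\\WINDOWS\\Minidump\\Mini082210-05.dmp
==================================================
Dump File : constructed-example.dmp
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Caused By Driver : Ntfs.sys
File Description : (constructed) file system driver
Product Name : (constructed) operating system
Company : (constructed) vendor
File Version : (constructed) 0.0
"""


def parse_records(text):
    """Split a report into dicts; a new record starts at each 'Dump File' key."""
    records, current = [], None
    for line in text.splitlines():
        # Split on the first colon only: values such as times and paths
        # contain colons of their own.
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            continue  # blank line or separator
        if key == "Dump File":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def triage(record):
    """Return a list of findings for one crash record (empty list = nothing odd)."""
    findings = []
    driver = record.get("Caused By Driver", "").lower()
    code = record.get("Bug Check Code", "").lower()

    # Check 1: the bug check is blamed on a module other than the usual one.
    expected = EXPECTED_MODULE.get(code)
    if expected and driver and driver != expected:
        findings.append(f"{code} blamed on {driver}, not {expected}")

    # Check 2: the blamed file carries no version information at all.
    missing = [name for name in IDENTITY_FIELDS if not record.get(name)]
    if driver and len(missing) == len(IDENTITY_FIELDS):
        findings.append(f"{driver} has no version information")
    return findings


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_REPORT):
        print(rec["Dump File"], "->", triage(rec) or "nothing unusual")
```
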

#3 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 25 August 2010 - 12:59 AM

So far on my previous post no one has had any ideas on how to fix my laptop.

So now I am wondering if there is any way I can download Windows XP Professional and reinstall it.

I have a desktop computer so if there is somewhere I can download it or download a recovery disk or anything like that?
I do not have the disk it came with, and everyone I know is going to look for theirs for me to use, but you know how that goes. I have searched on the laptop to try to find the copy of XP on it so I could do the Recovery Console, but it doesn't seem as though they saved a copy to the computer.

The laptop originally came with Vista so I guess when they decided to switch it to XP they figured they had the CD so why worry saving a copy.

I do have my XP product key, I also have my Vista product key, I just have no idea where I can safely download either one from or if there even is a way.

Or is it possible to copy Vista off my desktop and install it to the laptop?



#4 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 25 August 2010 - 03:47 AM

I would be more than happy to download it from the Microsoft site, if I knew what the heck I was looking for.
I don't want to "try" XP; I already have XP and its lovely blue screen of death.
I cannot run System Restore, I can only start it in safe mode. And I certainly do not want to have to buy a new OS just because my son likes to click OK every time something pops up. I would really just like to be able to download a recovery disk if there is one for XP. Microsoft has a page where you can make a floppy disk recovery (so I would assume they're OK with you getting a replacement recovery disk) but I do not have a floppy drive & now I'm pretty sure the CD drive may not be working so I think I'm down to having to use the USB.

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:37 AM

Posted 25 August 2010 - 06:45 AM

Hello, to avoid confusion, I merged the topic you made in the XP forum with this one.

Since you are able to boot in safe mode, there is no need to access the Recovery Console, however there is a simple way to create a bootable Recovery Console CD.

For now, in safe mode, do the following:

Click Start > Run, type notepad and press enter.
Copy/paste the following text into Notepad and save it as disable.bat
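CODE
@echo off
rem Stop and unregister the driver service; output is appended to log.txt
sc stop zibswvwl3 >> log.txt
sc delete zibswvwl3 >> log.txt
rem Rename the driver so it cannot load; ren takes a bare new name, not a path
ren c:\windows\system32\drivers\zibswvwl3.sys zibswvwl3.vir >> log.txt
rem Open the log, then delete this batch file
start log.txt
del %0

Exit Notepad and run disable.bat by double-clicking it. A log file should open. Please post its contents here.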

Also try to boot in normal mode and let me know what happens now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 25 August 2010 - 12:04 PM

[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service

It repeats that twice.

Poor laptop, I think I heard it cry a little. Err wait, maybe that's me lol.

When I restarted it normal it tried to load windows settings twice, then it was like I told it to shutdown, even played the sounds, and went to the blue screen.

Edited by gnomes31, 25 August 2010 - 12:23 PM.


#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:37 AM

Posted 25 August 2010 - 12:17 PM

Sorry my bad, I could have known that.

BACKUP THE REGISTRY
---------------------------
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


Click Start > Run, in the box that opens type notepad and press enter.
Copy/paste the text in the codebox below in Notepad and save it as fixme.bat to your desktop.
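CODE
Windows Registry Editor Version 5.00

; @echo off
; rem Lines starting with a semicolon are comments to regedit but still run as batch commands
; rem Import this same file silently as a .reg file, which deletes the key at the bottom
; REGEDIT.EXE /S "%~f0" >> log.txt
; rem Rename the driver file; ren takes a bare new name, not a full path
; ren c:\windows\system32\drivers\zibswvwl3.sys zibswvwl3.vir >> log.txt
; start log.txt
; del %0

[-HKEY_Local_Machine\System\CurrentControlSet\Services\zibswvwl3]

Exit Notepad and double-click on fixme.bat to run it. A log will open. Post its contents in your next reply.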


When done, try to reboot in normal mode.

regards, Elise


#8 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 25 August 2010 - 08:51 PM

OK, I hope I am doing it right.

I ran it just like the first one. It puts up the DOS box and tries to run, and it does it so quickly I can't read it all fast enough, but I did catch windows is not recognized and something an internal something. Then the log pops up blank. I tried to run it a few times to read all of what the black box says but it is too damn fast.

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • ONLINE
  •  
  • Location:Romania
  • Local time:12:37 AM

Posted 26 August 2010 - 03:25 AM

Does normal mode still BSOD?

regards, Elise


#10 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Gender:Female
  • Local time:02:37 PM

Posted 26 August 2010 - 04:03 AM

Yes, normal mode still gets BSOD after loading the settings.

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,113 posts
  • ONLINE
  •  
  • Location:Romania
  • Local time:12:37 AM

Posted 26 August 2010 - 04:08 AM

Let's move this topic to the malware removal forum so we can get some logs to check out what might be wrong here.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

regards, Elise


#12 gnomes31

gnomes31
  • Topic Starter

  • Members
  • 27 posts
  •  
  • Gender:Female
  • Local time:02:37 PM

Posted 26 August 2010 - 04:35 AM

I'm having to USB everything back and forth so here are the 2 logs from OTL

OTL logfile created on: 8/26/2010 2:21:51 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 47.72 Gb Free Space | 51.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.54% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOKI-MOBILE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/26 02:17:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/06/14 07:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
PRC - [2008/04/14 01:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 02:17:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 01:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -d -f %ProgramFiles%\WinPcap\rpcapd.ini -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/10 16:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/07/10 16:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 16:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF)
DRV - [2008/09/18 22:34:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/04/14 01:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 01:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 01:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 01:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/02/18 02:51:44 | 000,035,456 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2008/02/18 02:51:44 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/10/30 00:54:15 | 000,136,448 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0728.sys -- (SaiH0728)
DRV - [2006/09/27 06:59:00 | 001,681,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/08 02:42:24 | 001,106,888 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/08/17 10:59:44 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/?ilc=1 [binary data]
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1606980848-1659004503-515967899-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\Extensions\\{F6B73BD7-867B-4FB8-87AC-0F565BABA610}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{F6B73BD7-867B-4FB8-87AC-0F565BABA610} [2010/08/15 18:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\

[2010/02/10 07:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 01:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2010/01/24 08:50:12 | 000,002,025 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010/07/27 12:39:06 | 000,002,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2008/04/14 01:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {19090308-636D-4e9b-A1CE-A647B6F794BF} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.0.0.127\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.0.0.127\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.0.0.127\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1606980848-1659004503-515967899-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1606980848-1659004503-515967899-500\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\4.0.0.127\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1606980848-1659004503-515967899-500\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [pjorvgif] C:\Documents and Settings\Administrator\Local Settings\Application Data\mcfmwrapu\wbedjxqshdw.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [Sgiza] C:\WINDOWS\asepovilometape.DLL (Sonic Solutions)
O4 - HKU\S-1-5-21-1606980848-1659004503-515967899-500..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKU\S-1-5-21-1606980848-1659004503-515967899-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1606980848-1659004503-515967899-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1606980848-1659004503-515967899-500..\Run: [Yquximu] C:\WINDOWS\kbsxtbd.DLL (CyberLink Corp.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1263257069703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1279675054796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://www.shockwave.com/content/feedingfr...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.48.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/21 19:52:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/26 02:21:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/25 18:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/25 18:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/24 23:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/24 23:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/08/24 22:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\XP Recovery CD
[2010/08/24 21:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010/08/24 21:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/08/24 21:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2010/08/24 01:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/24 01:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\ACW
[2010/08/21 18:38:16 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/21 18:38:16 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/21 18:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/08/21 18:37:59 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symtdi.sys
[2010/08/21 18:37:59 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symtdiv.sys
[2010/08/21 18:37:59 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.sys
[2010/08/21 18:37:59 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.sys
[2010/08/21 18:37:58 | 000,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.sys
[2010/08/21 18:37:58 | 000,116,272 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Ironx86.sys
[2010/08/21 18:37:58 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.sys
[2010/08/21 18:37:57 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0400000.07F\cchpx86.sys
[2010/08/21 18:37:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/21 18:37:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0400000.07F
[2010/08/21 18:06:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/08/20 18:29:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/08/20 17:58:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/20 11:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\mcfmwrapu
[2010/08/18 05:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\iHc
[2010/08/18 03:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Team_Aversion
[2010/08/16 00:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\_
[2010/08/15 18:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{F6B73BD7-867B-4FB8-87AC-0F565BABA610}
[2010/08/15 18:55:48 | 000,093,696 | ---- | C] (MaresWEB) -- C:\WINDOWS\nsvpod.exe
[2010/08/15 10:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\modding
[2010/08/15 10:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2010/08/13 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/13 02:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AIMLogger
[2010/08/12 05:30:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/08/12 05:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2010/08/12 05:30:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AIM
[2010/08/12 05:30:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/08/12 05:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/08/12 05:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/08/12 05:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/08/09 02:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/08/09 02:09:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/09 02:09:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/09 02:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/09 02:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/09 00:07:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/08/08 17:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GameTuts
[2010/08/08 17:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GameTuts
[2010/08/08 01:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/08/06 19:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/06 19:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/08/06 18:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo!
[2010/08/05 22:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/08/05 22:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2010/08/01 06:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/31 16:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/07/31 15:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/07/31 15:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/31 15:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2010/07/31 15:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/07/30 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/30 10:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/30 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2010/07/30 10:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/07/30 10:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/07/30 03:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/30 03:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/28 23:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/28 23:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/28 23:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/07/25 02:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2010/07/23 16:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/07/23 16:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity
[2010/07/22 03:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/07/15 03:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\9DD9A388735BB47F8AA2EE1E58B16A3C
[2010/07/14 21:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Emmalith & Cadance
[2010/07/12 20:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\JumpStart
[2010/07/12 20:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\JumpStart World
[2010/07/12 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Knowledge Adventure
[2010/07/12 19:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Knowledge Adventure
[2010/07/12 19:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2010/07/12 19:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\JumpStart
[2010/06/29 01:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/06/29 01:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/06/24 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\MW2_Hack_Lobby_Post_Your_Gamertag
[2010/06/23 21:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2010/06/23 21:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\My Games
[2010/06/23 19:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010/06/23 19:55:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/06/17 02:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/13 14:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/06/13 14:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2010/06/10 19:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/10 19:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/10 19:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/10 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/10 19:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/10 19:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
[2010/06/06 17:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Titanium Gears
[2010/06/06 17:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/06/05 20:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Datel
[2010/05/30 22:57:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/26 02:18:12 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/08/26 02:17:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/26 02:17:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/08/26 02:01:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/26 02:01:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/26 02:01:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 18:53:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/25 18:53:24 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/25 18:53:20 | 003,712,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/25 18:25:53 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/25 18:24:22 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/25 18:24:22 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/24 23:29:36 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/24 23:29:36 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/08/24 23:22:28 | 000,324,636 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rc.iso
[2010/08/24 22:24:33 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Recovery CD Maker.lnk
[2010/08/24 21:42:49 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2010/08/24 15:40:56 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ipanugaz.dll
[2010/08/24 13:34:49 | 000,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/24 13:34:49 | 000,000,454 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/24 13:34:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/08/24 13:12:27 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 01:37:13 | 000,002,838 | ---- | M] () -- C:\WINDOWS\uyuferosuloroma.dll
[2010/08/23 01:28:32 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/08/23 00:57:57 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ecayejuh.dll
[2010/08/22 10:27:48 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ubebasusevihe.dll
[2010/08/21 21:13:02 | 000,002,838 | ---- | M] () -- C:\WINDOWS\iwixoyenevud.dll
[2010/08/21 21:13:01 | 000,002,838 | ---- | M] () -- C:\WINDOWS\Msole.dat
[2010/08/21 18:38:16 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/21 18:38:16 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/21 18:38:16 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/21 18:38:16 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/21 18:38:01 | 000,002,274 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/08/21 18:05:14 | 000,000,574 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2010/08/21 17:23:59 | 000,746,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 17:23:59 | 000,606,242 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 17:23:59 | 000,127,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/21 17:22:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/21 16:34:04 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ecifowas.dll
[2010/08/21 12:45:05 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ahasuleb.dll
[2010/08/21 12:02:06 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ikefixip.dll
[2010/08/21 11:24:27 | 000,002,838 | ---- | M] () -- C:\WINDOWS\agejikehadeh.dll
[2010/08/21 09:37:37 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/21 09:22:29 | 000,002,838 | ---- | M] () -- C:\WINDOWS\ulebevam.dll
[2010/08/21 07:16:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twamewejoguxabo.bin
[2010/08/20 22:10:40 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/20 17:51:38 | 000,002,838 | ---- | M] () -- C:\WINDOWS\uyosihol.dll
[2010/08/20 16:50:21 | 000,002,838 | ---- | M] () -- C:\WINDOWS\iyayofik.dll
[2010/08/20 13:54:17 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\xpsd.sys
[2010/08/20 12:02:03 | 000,002,838 | ---- | M] () -- C:\WINDOWS\okuwuyana.dll
[2010/08/19 12:57:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/18 03:59:10 | 002,366,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\iHc Xbox 360 Full Release.zip
[2010/08/16 23:59:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/15 18:55:50 | 000,093,696 | ---- | M] (MaresWEB) -- C:\WINDOWS\nsvpod.exe
[2010/08/14 18:08:33 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/12 05:30:40 | 000,000,454 | -H-- | M] () -- C:\IPH.PH
[2010/08/12 05:30:36 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/12 05:30:36 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/08/09 02:09:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/09 01:31:58 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 01:15:28 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2010/08/06 21:00:10 | 000,000,060 | ---- | M] () -- C:\Program Files\sh4.dat
[2010/08/06 21:00:10 | 000,000,004 | ---- | M] () -- C:\Program Files\sh3.dat
[2010/08/06 18:43:58 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/08/06 18:43:57 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/06 12:24:31 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/08/03 16:54:08 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/31 18:15:30 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8lwn50I.dat
[2010/07/20 19:37:38 | 000,093,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/12 22:14:40 | 000,000,479 | ---- | M] () -- C:\WINDOWS\ka.ini
[2010/07/01 21:22:58 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/07/01 21:22:58 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/06/30 09:31:21 | 000,100,278 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lucas Vs XBL.zip
[2010/06/29 01:10:27 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/06/17 01:22:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/26 02:21:10 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RKUnhookerLE.EXE
[2010/08/25 18:25:53 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/25 18:24:22 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/25 18:24:22 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/24 23:34:13 | 000,324,636 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rc.iso
[2010/08/24 23:29:36 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/08/24 23:29:36 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2010/08/24 22:24:33 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Recovery CD Maker.lnk
[2010/08/24 21:42:49 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\KeyFinder.lnk
[2010/08/24 15:40:56 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ipanugaz.dll
[2010/08/24 13:34:53 | 000,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8185 Wireless LAN Utility.lnk
[2010/08/23 01:44:34 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2010/08/23 01:37:13 | 000,002,838 | ---- | C] () -- C:\WINDOWS\uyuferosuloroma.dll
[2010/08/23 00:57:57 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ecayejuh.dll
[2010/08/22 10:27:48 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ubebasusevihe.dll
[2010/08/21 21:13:01 | 000,002,838 | ---- | C] () -- C:\WINDOWS\iwixoyenevud.dll
[2010/08/21 18:38:16 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/21 18:38:16 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/21 18:38:01 | 000,002,274 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/08/21 18:37:31 | 000,001,473 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNetV.inf
[2010/08/21 18:37:31 | 000,001,445 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNet.inf
[2010/08/21 18:37:30 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.inf
[2010/08/21 18:37:30 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.inf
[2010/08/21 18:37:30 | 000,001,388 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.inf
[2010/08/21 18:37:30 | 000,001,382 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.inf
[2010/08/21 18:37:30 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\Iron.inf
[2010/08/21 18:37:29 | 000,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\ccHPx86.inf
[2010/08/21 18:37:28 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\symnetv.cat
[2010/08/21 18:37:28 | 000,007,444 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymEFA.cat
[2010/08/21 18:37:28 | 000,007,442 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtspx.cat
[2010/08/21 18:37:28 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\srtsp.cat
[2010/08/21 18:37:28 | 000,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\iron.cat
[2010/08/21 18:37:28 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymDS.cat
[2010/08/21 18:37:28 | 000,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\cchpx86.cat
[2010/08/21 18:37:28 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\SymNet.cat
[2010/08/21 18:37:28 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0400000.07F\isolate.ini
[2010/08/21 16:34:04 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ecifowas.dll
[2010/08/21 12:45:05 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ahasuleb.dll
[2010/08/21 12:02:06 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ikefixip.dll
[2010/08/21 11:24:27 | 000,002,838 | ---- | C] () -- C:\WINDOWS\agejikehadeh.dll
[2010/08/21 09:22:28 | 000,002,838 | ---- | C] () -- C:\WINDOWS\ulebevam.dll
[2010/08/20 17:51:38 | 000,002,838 | ---- | C] () -- C:\WINDOWS\uyosihol.dll
[2010/08/20 16:50:21 | 000,002,838 | ---- | C] () -- C:\WINDOWS\iyayofik.dll
[2010/08/20 13:54:17 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\xpsd.sys
[2010/08/20 12:02:03 | 000,002,838 | ---- | C] () -- C:\WINDOWS\okuwuyana.dll
[2010/08/18 03:59:10 | 002,366,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\iHc Xbox 360 Full Release.zip
[2010/08/12 05:30:36 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2010/08/12 05:30:36 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/08/12 05:30:17 | 000,000,454 | -H-- | C] () -- C:\IPH.PH
[2010/08/10 20:00:37 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NickJr.com--Play to Learn with Dora the Explorer, Blue's Clues, Little Bill and More!.url
[2010/08/09 23:03:55 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat
[2010/08/09 02:09:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 01:10:13 | 000,000,574 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2010/08/06 19:04:30 | 000,000,060 | ---- | C] () -- C:\Program Files\sh4.dat
[2010/08/06 19:04:30 | 000,000,004 | ---- | C] () -- C:\Program Files\sh3.dat
[2010/08/06 18:43:57 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/06 18:43:57 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2010/08/06 12:24:30 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/08/03 16:54:08 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/02 04:23:49 | 000,064,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/31 19:51:21 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
[2010/07/30 10:26:16 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8lwn50I.dat
[2010/07/28 23:30:56 | 000,002,838 | ---- | C] () -- C:\WINDOWS\Msole.dat
[2010/07/28 23:30:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twamewejoguxabo.bin
[2010/07/22 03:09:47 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/07/12 19:27:55 | 000,000,479 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/07/01 21:22:58 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/06/30 09:31:21 | 000,100,278 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lucas Vs XBL.zip
[2010/06/29 01:10:27 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 5.lnk
[2010/06/10 19:34:11 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/10 19:27:45 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/11 22:09:55 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/19 18:46:08 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009/03/27 14:51:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/30 11:21:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/30 11:21:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/30 11:21:50 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/30 11:21:50 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/30 11:21:49 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/30 11:21:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/30 11:21:48 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/21 13:42:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\audstub.sys

========== LOP Check ==========

[2010/07/16 13:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\9DD9A388735BB47F8AA2EE1E58B16A3C
[2010/08/12 05:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2010/07/16 04:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2010/04/13 16:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/05 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Datel
[2010/06/17 01:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2010/08/08 17:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameTuts
[2010/08/24 23:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/05/14 20:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2010/08/17 04:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/08/05 22:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/06/06 17:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Titanium Gears
[2010/07/23 16:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
[2010/06/23 01:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/22 22:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Virtual City
[2010/08/12 05:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/28 11:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/10/13 08:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2010/08/24 21:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/06 16:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/09 04:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/06/10 19:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/12/06 06:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loki\Application Data\.BitTornado
[2009/12/21 00:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loki\Application Data\BitTorrent
[2009/04/29 11:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loki\Application Data\Graboid Inc
[2009/12/04 11:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loki\Application Data\LimeWire
[2009/01/06 07:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Loki\Application Data\MyScribe
[2010/08/26 02:01:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A31BF83C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:04A2BA27
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4829D27E
< End of report >

2nd Log
OTL Extras logfile created on: 8/26/2010 2:21:51 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 79.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 47.72 Gb Free Space | 51.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.54% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LOKI-MOBILE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{478A4971-68B3-4BD9-A379-4EDD111A6BA7}" = JS3DPreSchool
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7197F874-B0E0-4A73-A880-7E712F4D0EB7}}_is1" = Uninstall KnightOnline
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A2F0A59-B202-4D2A-9343-A7E5ACE852B7}" = JSWPFCom
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B2EB23D7-8AA5-457F-82B8-4F60321A9CC7}" = JSWPFGradeK
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{EF72E0A5-57E8-471F-837E-82BB19771363}" = REALTEK RTL8185 Wireless LAN Driver and Utility
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BitTornado" = BitTornado 0.3.17
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"JumpStart 3D Ages 3-5" = JumpStart 3D Ages 3-5
"JumpStart 3D Ages 4-6" = JumpStart 3D Ages 4-6
"JumpStart Advanced PreSchool Explore and Learn" = JumpStart Advanced PreSchool Explore and Learn
"JumpStart Languages" = JumpStart Languages
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full)
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MSNINST" = MSN
"My Tribe" = My Tribe
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 5" = TeamViewer 5
"uTorrent" = µTorrent
"Virtual City" = Virtual City
"Virtual Families" = Virtual Families
"World of Warcraft" = World of Warcraft
"XPort 360_is1" = XPort 360
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1659004503-515967899-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2010 6:39:33 PM | Computer Name = LOKI-MOBILE | Source = Google Update | ID = 20
Description =

Error - 8/25/2010 2:43:38 AM | Computer Name = LOKI-MOBILE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/26/2010 5:18:29 AM | Computer Name = LOKI-MOBILE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 8/26/2010 5:18:58 AM | Computer Name = LOKI-MOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/26/2010 5:19:22 AM | Computer Name = LOKI-MOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/26/2010 5:20:09 AM | Computer Name = LOKI-MOBILE | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 8/26/2010 5:20:09 AM | Computer Name = LOKI-MOBILE | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 8/26/2010 5:20:09 AM | Computer Name = LOKI-MOBILE | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 8/26/2010 5:20:09 AM | Computer Name = LOKI-MOBILE | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 8/26/2010 5:20:09 AM | Computer Name = LOKI-MOBILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 8/26/2010 5:20:14 AM | Computer Name = LOKI-MOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/26/2010 5:20:55 AM | Computer Name = LOKI-MOBILE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#13 gnomes31

Posted 26 August 2010 - 04:46 AM

I cannot get the Root one to run. I do get the error message; I have tried hitting OK, Cancel, and just closing the box, and the farthest I can get is parasite removed, but then when it opens the initializing box I get another error: "Error loading/opening driver". I let it sit for a few to see if it does its thing, but nothing happens.

#14 Elise


Posted 26 August 2010 - 05:25 AM

Please skip that for now and try the following:

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#15 gnomes31


Posted 26 August 2010 - 02:36 PM

Sigh, I think possibly the laptop is growing smarter and trying to take over the world. I cannot connect to the internet now. When I go into Device Manager I have the yellow exclamation point on my Modem Device on High Definition Audio. I have tried to fix it but it says it can't find it and of course wants me to connect to the internet to find it. Will this only affect a wireless connection? Can I get around it by using a wired connection?
Sorry this is becoming such a project. I wish they made them with an easy button or one of those buttons you have to push in with a pen that resets everything.



