Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to install Windows updates


  • This topic is locked This topic is locked
33 replies to this topic

#1 tyl604

tyl604

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 05 May 2011 - 12:38 PM

The computer will no longer install downloaded updates for Windows. I found some trojans and they are now quarantined but that did not help. GMER did not seem to extract properly using ALZip but it seemed to try to run. When I hit the .exe file in the GMER folder it said LoadDriver (C:\Documen~1\Owner\Locals~1]Temp\kwpcifoc.sys) error OxC000009A: Cannot create a stable subkey under a volatile parent key.

When I ran it it did not allow me to check anything except Services, Registry, and Files for C: The other boxes that should have been checked were grayed out and would not take a check. So I ran the program and got basically nothing.

Here are my logs as requested:

DDS txt file -

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 12:40:47.65 on Thu 05/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.871 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
BHO: ALToolbarBho Class: {7f1a79f9-78d1-4186-9f60-ee0b63df042a} - c:\program files\estsoft\altoolbar\ALToolBand_114_25.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: CGreenPrintPDF Object: {df96ba30-57f6-4700-8065-910ec3be9e3b} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: ALToolBar: {38fbe93d-4ca1-4414-af6a-94920c5bd8da} - c:\program files\estsoft\altoolbar\ALToolBand_114_25.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ALToolBar &Search - c:\program files\estsoft\altoolbar\ALToolBandRes.dll/23/SEARCH.HTML
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {DF96BA30-57F6-4700-8065-910EC3BE9E3B}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {554099FE-3856-4d93-86B5-0024AEF63BC7} - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - c:\program files\greenprint technologies\greenprint world\GPIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
TCP: {C67CCB09-8BC9-4F56-A019-BE10B941398D} = 68.94.156.1,68.94.157.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW scecli
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-18 130936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-23 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-23 61960]
R3 ODWGU(Ativa);Ativa Wireless G USB Network Adapter(Ativa);c:\windows\system32\drivers\ODWGU.sys [2008-3-24 408064]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-2-15 30192]
S3 hpusbwdm;HP DVD Movie Writer dc3000/dc4000;c:\windows\system32\drivers\hpusbwdm.sys [2004-1-5 1080832]
.
=============== Created Last 30 ================
.
2011-05-04 20:08:29 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-04 19:49:13 -------- d-----w- c:\documents and settings\owner\DoctorWeb
2011-05-04 18:53:58 709456 ----a-w- c:\windows\isRS-000.tmp
2011-04-17 07:01:04 714752 ----a-w- c:\windows\system32\ntdll.dll
2011-04-17 07:01:04 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-17 07:01:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-16 07:01:04 714752 ------w- c:\windows\system32\_000032_.tmp.dll
2011-04-14 12:42:01 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PCHealth
2011-04-14 07:06:03 285824 ----a-w- c:\windows\system32\SET51.tmp
2011-04-14 07:01:11 714752 ------w- c:\windows\system32\_000018_.tmp.dll
2011-04-13 18:45:36 -------- d-----w- c:\program files\Citrix
2011-04-13 07:01:10 714752 ------w- c:\windows\system32\_000031_.tmp.dll
2011-04-05 20:11:30 4096 ----a-w- c:\windows\system32\OLD101.tmp
2011-04-05 17:01:55 714752 ------w- c:\windows\system32\_000017_.tmp.dll
.
==================== Find3M ====================
.
2011-03-09 18:20:16 49152 ----a-r- c:\windows\OvtWia.dll
2011-03-09 18:20:16 32768 ----a-r- c:\windows\system32\OvtFBoot.dll
2011-03-09 18:20:15 53248 ----a-r- c:\windows\system32\EXT2800.DLL
2011-03-09 18:20:15 18944 ----a-r- c:\windows\system32\OV550Ext.ax
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-15 12:56:39 290432 ------w- c:\windows\system32\SET4C.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
.
============= FINISH: 12:41:25.65 ===============

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 12 May 2011 - 10:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]
If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 16 May 2011 - 11:08 AM

Myrti - In response to your questions I am running a 32 bit WinXP Home Edition Version 2002 Service Pack 3. The emachines DT2698 came with WinXP installed. It came with a Restore CD which has "a copy of all software (e.g. Windows, drivers, and application programs) originally installed on your hard disk." Problem - WinXP updates will download but they will not install. I am concerned about running a constantly out of date XP.

Your reply does not open for OTL.txt or Extra.txt for some reason. I will copy and paste below. After running it twice I have not found the Extra.txt file. Here is the OTL file.

OTL.txt

OTL logfile created on: 5/16/2011 11:46:08 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\BleepingComputer docs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 146.55 Gb Free Space | 62.93% Space Free | Partition Type: NTFS
Drive E: | 1.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 983.72 Mb Total Space | 340.48 Mb Free Space | 34.61% Space Free | Partition Type: FAT

Computer Name: OWNER-553C6D8F9 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 11:44:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\BleepingComputer docs\OTL.exe
PRC - [2011/04/27 03:08:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/16 17:19:34 | 002,402,512 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/07/21 07:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2008/09/28 12:39:00 | 000,252,416 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2008/09/27 17:52:00 | 000,162,304 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/09/16 16:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 11:44:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\BleepingComputer docs\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/27 03:08:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/04 01:56:58 | 000,073,796 | ---- | M] (Smart Link) [Disabled | Stopped] -- C:\windows\System32\slserv.exe -- (SLService)
SRV - [2003/09/16 16:55:36 | 001,388,648 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/08/27 10:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/04/15 09:17:15 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2007/10/01 17:20:40 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2006/07/07 16:23:30 | 000,408,064 | R--- | M] (Ativa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ODWGU.sys -- (ODWGU(Ativa)) Ativa Wireless G USB Network Adapter(Ativa)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\windows\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/08/06 03:17:48 | 000,017,216 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (ax88772)
DRV - [2004/08/03 23:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 23:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 23:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 23:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 23:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 23:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/06/03 11:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/05/25 16:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 16:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/04/02 16:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/01/29 02:45:50 | 000,093,764 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2004/01/05 11:01:20 | 001,080,832 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpusbwdm.sys -- (hpusbwdm)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pfc.sys -- (pfc)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1998/05/07 12:28:28 | 000,071,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A4S2600.SYS -- (A4S2600)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2011/03/23 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions
[2011/03/23 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/11/01 13:30:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (ALToolbarBho Class) - {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_114_25.dll (ESTsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (CGreenPrintPDF Object) - {DF96BA30-57F6-4700-8065-910EC3BE9E3B} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll (GreenPrint Technologies)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ALToolBar) - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBand_114_25.dll (ESTsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-21-1935655697-879983540-839522115-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: ALToolBar &Search - C:\Program Files\ESTsoft\ALToolBar\ALToolBandRes.dll (ESTsoft Corporation)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: GreenPrint - {554099FE-3856-4d93-86B5-0024AEF63BC7} - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPIEPlugin.dll (GreenPrint Technologies)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1935655697-879983540-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Value error.)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com/0.9.4014.13/TSWeb.cab (Reg Error: Value error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll (PCPitstop Exam)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 15:13:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "SLService"
MsConfig - Services: "mcmscsvc"
MsConfig - Services: "LightScribeService"
MsConfig - Services: "gusvc"
MsConfig - Services: "GoogleDesktopManager-110309-193829"
MsConfig - Services: "CCALib8"
MsConfig - Services: "Bonjour Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk - C:\QUICKENW\BILLMIND.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk - C:\QUICKENW\QWDLLS.EXE - (Intuit)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TextBridge Instant Access OCR.lnk - C:\Program Files\TextBridge Classic\Bin\TBMenu.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI (RC1).lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Secunia PSI.lnk - C:\Program Files\Secunia\PSI\psi.exe - (Secunia)
MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Watch.lnk - C:\WINDOWS\twain_32\A4S2_600\watch.exe - ()
MsConfig - StartUpReg: 2Wire Wireless Manager - hkey= - key= - C:\Program Files\2Wire Wireless Manager\2Wire.exe (2Wire)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GPPrinterNotify - hkey= - key= - C:\Program Files\GreenPrint Technologies\GreenPrint World\GPPrinterNotify.exe (GreenPrint Technologies)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe ()
MsConfig - StartUpReg: MoeMonitor.exe - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - File not found
SafeBootMin: sdcoreservice - Reg Error: Value error.
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\windows\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 09:48:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Taxes 2011
[2011/05/04 16:08:29 | 000,000,000 | ---D | C] -- C:\windows\System32\CatRoot2
[2011/05/04 15:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2011/04/21 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Superior Bank MMC
[2011/04/17 03:01:04 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011/04/17 03:01:04 | 002,066,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2008/03/24 14:36:37 | 000,014,976 | ---- | C] ( ) -- C:\windows\System32\drivers\winddx.sys
[2007/10/14 21:35:00 | 000,040,960 | ---- | C] ( ) -- C:\windows\OMNIUNS.EXE
[6 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 11:39:31 | 000,000,312 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job
[2011/05/16 11:39:13 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/16 11:39:12 | 1543,032,832 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 11:23:56 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/05/13 12:00:00 | 000,000,500 | ---- | M] () -- C:\windows\tasks\One-Click Tweak.job
[2011/05/12 09:08:10 | 000,005,589 | ---- | M] () -- C:\windows\ORG2.INI
[2011/05/12 09:07:45 | 003,916,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ML Office.OR2
[2011/05/09 15:40:13 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/05/09 13:36:20 | 000,001,959 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\33460064_lock%20injection%20pump%20lever_dty5h4[1].JPG
[2011/05/09 11:18:44 | 000,103,834 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Vac damper pic2.jpg
[2011/05/09 11:17:22 | 000,340,318 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Vac damper pic.JPG
[2011/05/09 10:00:48 | 000,001,288 | ---- | M] () -- C:\windows\QUICKEN.INI
[2011/05/09 09:20:18 | 000,124,180 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sales and Use Pymt Mar 2011.pdf
[2011/05/04 17:51:46 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/05/04 16:58:41 | 000,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2011/05/04 16:58:41 | 000,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2011/05/04 16:53:48 | 000,001,398 | ---- | M] () -- C:\windows\wininit.ini
[2011/05/04 16:53:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ALZip.lnk
[2011/05/04 16:00:41 | 000,384,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\installer-for-alzip.exe
[2011/04/18 03:05:21 | 000,211,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/18 03:01:42 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[6 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/09 13:37:26 | 000,001,959 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\33460064_lock%20injection%20pump%20lever_dty5h4[1].JPG
[2011/05/09 11:18:44 | 000,103,834 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Vac damper pic2.jpg
[2011/05/09 11:17:22 | 000,340,318 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Vac damper pic.JPG
[2011/05/09 09:21:17 | 000,124,180 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sales and Use Pymt Mar 2011.pdf
[2011/05/05 09:44:49 | 1543,032,832 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/04 16:53:31 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ALZip.lnk
[2011/05/04 15:59:13 | 000,384,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\installer-for-alzip.exe
[2011/03/22 15:36:20 | 000,005,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2011/03/10 17:16:57 | 000,018,944 | ---- | C] () -- C:\windows\System32\xrxscnui.dll
[2011/02/25 10:54:10 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Account.atomsvc
[2010/10/31 19:56:45 | 000,034,560 | ---- | C] () -- C:\windows\System32\drivers\Normandy.sys
[2010/10/21 11:22:43 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2010/08/20 13:17:20 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/10/21 14:46:12 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/09/23 15:17:38 | 000,017,296 | ---- | C] () -- C:\windows\System32\gpmon.dll
[2009/07/22 14:52:25 | 000,007,378 | ---- | C] () -- C:\windows\_000004_.tmp.dll
[2009/07/13 15:31:33 | 000,001,398 | ---- | C] () -- C:\windows\wininit.ini
[2009/04/15 09:18:59 | 000,000,715 | ---- | C] () -- C:\windows\aolback.exe.lnk
[2009/04/15 09:13:13 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2008/05/06 11:55:04 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/04/11 11:41:09 | 000,005,632 | ---- | C] () -- C:\windows\System32\CNMVS4b.DLL
[2008/03/31 18:52:56 | 000,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2008/03/27 16:04:37 | 000,044,491 | ---- | C] () -- C:\windows\System32\MiiIniFile13.ini
[2008/03/27 16:04:34 | 000,285,216 | ---- | C] () -- C:\windows\System32\drivers\Onsio.sys
[2008/03/27 16:04:34 | 000,007,680 | ---- | C] () -- C:\windows\System32\drivers\Onsreged.sys
[2008/03/26 10:43:51 | 000,000,030 | ---- | C] () -- C:\windows\INTURS.DAT
[2008/03/26 10:43:41 | 000,000,024 | ---- | C] () -- C:\windows\qfnonl.ini
[2008/03/26 10:42:14 | 000,000,028 | ---- | C] () -- C:\windows\ICOA.INI
[2008/03/26 10:42:06 | 000,000,000 | ---- | C] () -- C:\windows\QFN.ini
[2008/03/26 10:42:06 | 000,000,000 | ---- | C] () -- C:\windows\QDQICK.ini
[2008/03/25 10:22:17 | 000,118,784 | ---- | C] () -- C:\windows\System32\HMPV2_ENC_MMX.dll
[2008/03/25 10:22:17 | 000,118,784 | ---- | C] () -- C:\windows\System32\HMPV2_ENC.dll
[2008/03/25 10:22:17 | 000,110,592 | ---- | C] () -- C:\windows\System32\Hmpg12.dll
[2008/03/25 10:22:17 | 000,065,536 | ---- | C] () -- C:\windows\System32\multiplex_vcd.dll
[2008/03/24 19:51:04 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2008/03/24 19:45:05 | 000,001,676 | ---- | C] () -- C:\windows\EXCEL5.INI
[2008/03/24 19:45:02 | 000,000,116 | ---- | C] () -- C:\windows\msquery.ini
[2008/03/24 19:12:54 | 000,001,288 | ---- | C] () -- C:\windows\QUICKEN.INI
[2008/03/24 19:12:53 | 000,000,699 | ---- | C] () -- C:\windows\intuprof.ini
[2008/03/24 19:12:52 | 000,006,472 | ---- | C] () -- C:\windows\ICOADB32.DAT
[2008/03/24 19:10:29 | 000,000,753 | ---- | C] () -- C:\windows\Ulead32.ini
[2008/03/24 19:09:34 | 000,000,160 | ---- | C] () -- C:\windows\pixcache.ini
[2008/03/24 19:09:29 | 000,000,513 | ---- | C] () -- C:\windows\maxlink.ini
[2008/03/24 19:09:21 | 000,026,112 | ---- | C] () -- C:\windows\System32\PIXTHK32.DLL
[2008/03/24 19:09:21 | 000,012,126 | ---- | C] () -- C:\windows\System32\PIXPCZ.DLL
[2008/03/24 19:09:21 | 000,000,081 | ---- | C] () -- C:\windows\TB96.INI
[2008/03/24 19:09:20 | 000,011,934 | ---- | C] () -- C:\windows\System32\PIXPNR.DLL
[2008/03/24 19:08:48 | 000,000,000 | ---- | C] () -- C:\windows\Mailmark.ini
[2008/03/24 19:08:46 | 000,000,052 | ---- | C] () -- C:\windows\watch.ini
[2008/03/24 19:08:25 | 000,001,901 | ---- | C] () -- C:\windows\ATM.INI
[2008/03/24 19:08:25 | 000,001,716 | ---- | C] () -- C:\windows\ACROREAD.INI
[2008/03/24 19:08:25 | 000,000,027 | ---- | C] () -- C:\windows\ACROGRAF.INI
[2008/03/24 19:08:23 | 000,000,587 | ---- | C] () -- C:\windows\moffice.ini
[2008/03/24 19:08:22 | 000,071,520 | ---- | C] () -- C:\windows\System32\drivers\A4S2600.SYS
[2008/03/24 19:08:12 | 000,000,016 | ---- | C] () -- C:\windows\S2600.INI
[2008/03/24 19:06:51 | 000,000,306 | ---- | C] () -- C:\windows\lotus.ini
[2008/03/24 19:06:51 | 000,000,121 | ---- | C] () -- C:\windows\ODBCISAM.INI
[2008/03/24 19:06:50 | 000,005,589 | ---- | C] () -- C:\windows\ORG2.INI
[2008/03/24 19:06:49 | 000,001,684 | ---- | C] () -- C:\windows\ODBC.INI
[2008/03/24 17:53:55 | 000,000,376 | ---- | C] () -- C:\windows\mozregistry.dat
[2008/03/24 16:55:14 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/24 15:15:35 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008/03/24 15:11:11 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2008/03/24 14:36:37 | 000,512,000 | ---- | C] () -- C:\windows\System32\SLLights.dll
[2008/03/24 14:36:37 | 000,380,928 | ---- | C] () -- C:\windows\System32\slmh.exe
[2008/03/24 14:36:37 | 000,188,416 | ---- | C] () -- C:\windows\System32\amr_cpl.dll
[2008/03/24 14:36:37 | 000,167,936 | ---- | C] () -- C:\windows\System32\minirec.exe
[2008/03/24 14:36:37 | 000,135,168 | ---- | C] () -- C:\windows\System32\SLMOHServ.dll
[2008/03/24 14:36:37 | 000,065,536 | ---- | C] () -- C:\windows\SmCfg.exe
[2008/03/24 14:36:30 | 000,053,248 | ---- | C] () -- C:\windows\System32\coinst.dll
[2008/03/24 10:04:36 | 000,005,406 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008/03/24 10:03:39 | 000,211,288 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/02/28 08:00:00 | 000,341,988 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2006/02/28 08:00:00 | 000,052,312 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\windows\System32\InsDrvZD64.DLL
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\InsDrvZD.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\windows\System32\ZyDelReg.exe
[2003/01/20 19:53:48 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2002/05/24 01:00:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\lockout.dll
[2002/05/24 01:00:00 | 000,045,056 | ---- | C] () -- C:\windows\System32\lockres.dll
[2001/08/31 15:33:58 | 000,425,984 | ---- | C] () -- C:\windows\System32\VxDMDcDlg.dll
[2001/08/14 11:47:08 | 000,020,480 | ---- | C] () -- C:\windows\System32\vxpsapi.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2007/02/27 05:50:00 | 000,081,920 | ---- | M] () MD5=0542D4A89713DCB4AA6888B40A436819 -- C:\Documents and Settings\Owner\Desktop\Cnet files\utility cd\I386\SYSTEM32\EXPLORER.EXE
[2007/02/27 05:50:00 | 000,081,920 | ---- | M] () MD5=0542D4A89713DCB4AA6888B40A436819 -- C:\Documents and Settings\Taylor Bleepingcompu\Desktop\Cnet files\utility cd\I386\SYSTEM32\EXPLORER.EXE
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2007/02/27 05:50:00 | 000,549,376 | ---- | M] (Microsoft Corporation) MD5=8186BCCC56231204E798252EF2EDF9AF -- C:\Documents and Settings\Owner\Desktop\Cnet files\utility cd\I386\SYSTEM32\WINLOGON.EXE
[2007/02/27 05:50:00 | 000,549,376 | ---- | M] (Microsoft Corporation) MD5=8186BCCC56231204E798252EF2EDF9AF -- C:\Documents and Settings\Taylor Bleepingcompu\Desktop\Cnet files\utility cd\I386\SYSTEM32\WINLOGON.EXE
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Edited by tyl604, 16 May 2011 - 01:57 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 16 May 2011 - 02:40 PM

Hi,

I see some indication for a recent infection, please run RkU and aswMBR next:

Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 16 May 2011 - 02:54 PM

Neither of these programs will run. RKUnhooker will unzip fine but when I click Run it says there is a problem with the registry key, then a driver, etc. Tried it a couple of times with other mirrors.

Avast program will not scan. The scan button is greyed out. Only the fix button is active. In the body above the buttons it says there is an "initialize" error.

What now? Should I turn off Avira and try both again?

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 16 May 2011 - 02:58 PM

Hi,

yes, that might be worth a try. If that doesn't work, please try running aswMBR from safe mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 16 May 2011 - 04:01 PM

Problems with the computer. When I tried to restart in Safe, it booted and before Windows could load, it turned off and booted again. So far all it will do is try to boot, turn off the power, and try to boot again - over and over and over. Tried last good configuration, normal windows, safe with networking - nothing works.

Not sure what to do. Guess I have a hard drive problem and will need to pack it up and take it someplace for repair. I tried letting it sit for an hour to cool off but that did not help. I am guessing that a problem with the hard drive had nothing to do with the earlier problem of updates failing to install. So this must be something new.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 16 May 2011 - 04:37 PM

Hi,

could you try to press F8 twice on the boot menu to get into advanced boot menu. There disable automatic reboot on failure and see if you get a blue screen telling you what is wrong.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 16 May 2011 - 05:51 PM

Got it. The blue screen has the normal message about detecting a problem and closing Windows to prevent damage. Then it says CONFIG INITIALIZATIION FAILED. Then normal message agout checking any hardware or software recently installed, disabling BIOS options like caching or shadowing, and opening up in Safe mode.

Tech info is STOP: 0x00000067 (0x00000001, 0x0000000F, 0xc000009a, 0x00000000).

That's it.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 16 May 2011 - 06:30 PM

Hi,

unfortunately the hits I'm seeing for this BSOD suggest that you may have a dead/dying RAM stick. Do you know if you have one or more sticks in your setup?

If you have only one, I would suggest doing a quick memory test to see if the problem is really the RAM.

There's also the possibility, although it seems to be much rarer, that your registry got corrupted and just needs to be fixed/replaced.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 16 May 2011 - 08:39 PM

The T2698 came with 512MB DDR (PC 2700). Later, if I found the correct invoice, I had installed 1G PC3200 DDR 400MHz - unless this went to another computer. Total of 1.5 gig now. So I think I have two memory sticks. Can you tell from the picture attached?

So how do I test the memory if the machine will not boot?

Same question for registry.

Edited by tyl604, 16 May 2011 - 08:52 PM.


#12 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 17 May 2011 - 07:24 PM

Myrti - I took it to the shop today to be fixed. Will be back in touch. Presume I will have the same infection problem when it is returned but at least maybe they can get it to reboot. I am really missing a lot of things on the computer and I am not quite sure if I can download my backup from the external hard drive to my laptop or if I should even try since I will probably have the eMachines desktop back in a few days.

#13 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 18 May 2011 - 04:23 PM

Myrti - got the computer back today. He said it had a corrupted registry just as you suggested. I asked him what he did to fix it - did he insert an XP boot disk and work on it or what? He was very secretive; just said that he had to work in DOS to fix it. So I have no idea how he got it to cease from its start, fail, stop, reboot, fail, reboot, etc. procedure that was happening to me.

He also said that installing the antimalware programs would cause the registry to change. So I am a little skittish about moving forward. So far I cannot get Windows update.com to come up but I want to see if it will install all those old updates. No reason that it should because all the repair guy did was work on the registry. But I want to give it a try.

I will be back to you.

Thanks again for your help.

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,768 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:00 PM

Posted 18 May 2011 - 04:54 PM

Hi,

you can try the following to fix your Windows Update issues: http://support.microsoft.com/kb/971058

let me know if that helps.

You would be the first that got a corrupted registry solely from installing the programs. I would be very surprised if that was the cause as neither really "install", they are stand alone tools and don't really modify the registry at all. However it can't be ruled out, as I don't know what caused it. I don't think that the tools were any more likely to cause a corruption than any other tool out there.

reagrds myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 tyl604

tyl604
  • Topic Starter

  • Members
  • 373 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atlanta, GA
  • Local time:08:00 AM

Posted 18 May 2011 - 05:01 PM

Myrti - do you want me to follow your instructions in Post #4? Please look at Post #5 again to see what happened last time I tried to comply with Post #4.

Thx.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users