XP rootkit infection?


This topic is locked. 31 replies to this topic.

#1 samson1nite (Members, 26 posts)

Posted 19 May 2011 - 02:47 PM

Hi and thanks in advance for your help. I did have the XP Recovery virus, but that seems to be resolved by running Malwarebytes and SUPERAntiSpyware in Safe Mode. I have an Acer netbook with a Toshiba hard drive. The computer seems to be running pretty good despite various audio ads running in the background. Here are the DDS and GMER logs. Thanks again.



DDS (Ver_11-03-05.01) - NTFSx86
Run by Student at 13:37:18.70 on Thu 05/19/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.984 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AES\webTRAC\AesAgent.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\student\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rr.com/division/146
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [INPROCOMMWireless] c:\program files\atheros\wireless\utility\WlanUtil.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [iPrint Event Monitor] c:\windows\system32\iprntlgn.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: course.com\sam2007
Trusted Zone: hosting-questionmark.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296494127015
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296494112140
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igdlogin - igdlogin.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WB - c:\program files\stardock\mycolors\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwv1_0
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslf03a4f85;MpKslf03a4f85;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa1d31e1-babd-4252-8407-c813959c645d}\MpKslf03a4f85.sys [2011-5-19 28752]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2007-7-5 34671]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 AesAgent;AesAgent;c:\program files\aes\webtrac\AesAgent.exe [2009-4-23 73728]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-28 102448]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2008-6-16 5097632]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101027.007\naveng.sys [2010-10-28 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101027.007\navex15.sys [2010-10-28 1371184]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-23 1684736]
S3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-12-4 254976]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-25 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-05-19 17:21:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{fa1d31e1-babd-4252-8407-c813959c645d}\MpKslf03a4f85.sys
2011-05-18 20:03:21 -------- d-----w- c:\program files\SpywareBlaster
2011-05-17 20:00:55 -------- d-----w- c:\docume~1\student\applic~1\SUPERAntiSpyware.com
2011-05-17 20:00:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-17 20:00:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 02:41:20 -------- d-----w- c:\docume~1\student\locals~1\applic~1\Secunia PSI
2011-05-17 02:40:51 -------- d-----w- c:\program files\Secunia
2011-05-17 02:27:12 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-17 02:26:15 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{fa1d31e1-babd-4252-8407-c813959c645d}\mpengine.dll
2011-05-17 00:44:48 709456 ----a-w- c:\windows\is-MAGL3.exe
2011-05-16 03:02:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-16 02:54:19 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-16 02:54:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-16 00:31:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-15 01:41:57 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-05-15 01:41:57 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-05-15 01:41:37 303104 ----a-w- c:\windows\system32\CNC250L.dll
2011-05-15 01:41:37 110592 ----a-w- c:\windows\system32\CNC250I.dll
2011-05-15 01:41:36 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-05-15 01:41:36 1310720 ----a-w- c:\windows\system32\CNC250C.dll
2011-05-15 01:41:36 106496 ----a-w- c:\windows\system32\CNC250U.dll
2011-05-15 01:38:00 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP9W.DLL
2011-05-15 01:38:00 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD9W.DLL
2011-05-15 01:37:57 272384 ----a-w- c:\windows\system32\CNMLM9W.DLL
2011-05-15 01:37:37 90112 ----a-w- c:\windows\system32\CNC250O.dll
2011-05-15 01:37:37 178176 ----a-w- c:\windows\system32\CNMIU9W.DLL
2011-05-14 02:13:26 -------- d-----w- c:\windows\ie8updates
2011-05-14 00:27:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-05-14 00:27:44 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-05-14 00:27:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-14 00:17:47 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-14 00:17:05 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-14 00:09:31 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-05-14 00:09:31 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-14 00:07:16 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-14 00:02:41 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-05-13 23:41:58 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-13 23:26:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-13 23:21:32 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:41:08.76 ===============

Attached Files: ark.txt (22.54KB, 5 downloads)
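The "Pseudo HJT Report" section of the DDS log above is what the helpers triage by eye: autostart entries whose image is given as a bare file name rather than a full path, a BHO CLSID that resolves to "No File", a Winlogon Notify DLL named without a directory, a non-default LSA authentication package, and sites placed in the IE Trusted Zone. The Python script below is an added example, not part of this post and not code from DDS or GMER, that encodes those checks as a first-pass triage over that line format. Its embedded input is a dozen lines copied from the log above, chosen so that both hits and clean entries appear. A hit means "verify", not "infected": a bare image name is resolved through the PATH search order, so the check only tells you to confirm which file on disk actually runs; KHALMNPR.EXE, RTHDCPL.EXE and nwv1_0 are consistent with the Logitech, Realtek and Novell components listed elsewhere in this log.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Finding:
    kind: str    # "bho" | "run" | "notify" | "lsa" | "trusted"
    name: str    # registry value name, friendly name, CLSID or package
    target: str  # image, DLL, site or package the entry resolves to
    reason: str


# Constructed sample input: twelve lines copied from the DDS "Pseudo HJT
# Report" in the post above. The ctfmon, csnp2uvc, msseces, Adobe and
# NavLogon lines are clean entries that must not be flagged.
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
Notify: igdlogin - igdlogin.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Trusted Zone: course.com\sam2007
LSA: Authentication Packages = msv1_0 nwv1_0
"""

BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<path>.*)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (?P<pkgs>.*)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<site>.*)$")


def is_qualified(path: str) -> bool:
    """True when the image carries a directory (drive, UNC or %var%\\...),
    so the loader does not resolve it through the PATH search order."""
    return "\\" in path or "/" in path


def image_of(cmd: str) -> str:
    """Executable named by a Run command, honouring quoting. For rundll32 the
    DLL argument is returned, since that is the code that actually loads."""
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        dll = rest.strip().split(" ", 1)[0]
        return dll.split(",", 1)[0]
    return exe


def triage(lines: Iterable[str]) -> List[Finding]:
    """Heuristic first pass over DDS Pseudo-HJT lines. A finding is something
    to verify on disk and against the vendor, not a verdict of infection."""
    found: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if (m := BHO_RE.match(line)):
            if m["path"].strip().lower() == "no file":
                found.append(Finding("bho", m["name"] or m["clsid"], m["path"],
                    "BHO CLSID is registered but its DLL is missing; orphan of a removed component, clean the key"))
        elif (m := RUN_RE.match(line)):
            img = image_of(m["cmd"])
            if not is_qualified(img):
                found.append(Finding("run", m["name"], img,
                    "autostart gives a bare image name resolved via PATH; confirm which file on disk it actually runs"))
        elif (m := NOTIFY_RE.match(line)):
            if not is_qualified(m["path"]):
                found.append(Finding("notify", m["name"], m["path"],
                    "Winlogon notification DLL given by bare name; it loads into winlogon.exe as SYSTEM"))
        elif (m := LSA_RE.match(line)):
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":
                    found.append(Finding("lsa", "Authentication Packages", pkg,
                        "non-default LSA authentication package; it handles logon credentials inside lsass, confirm the vendor"))
        elif (m := TZ_RE.match(line)):
            found.append(Finding("trusted", "Trusted Zone", m["site"],
                "site gets IE Trusted Zone (relaxed) settings"))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS.strip().splitlines()):
        print(f"[{f.kind:7}] {f.name!r:45} -> {f.target}\n          {f.reason}")
```

Run against the sample it reports seven items: the orphaned BHO, three bare-name autostarts (the Logitech and Realtek helpers plus the rundll32-loaded M3000Rmv.dll), the igdlogin Notify package, the Trusted Zone site and the nwv1_0 package. Each is a lookup to perform (where does the file live, who signed it, is the vendor installed), which is exactly the work the helpers do before deciding what a tool like ComboFix should touch.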



#2 CatByte (Malware Response Team, 14,664 posts, Canada)

Posted 19 May 2011 - 07:44 PM

Hi

Please do the following:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 samson1nite (Topic Starter)

Posted 20 May 2011 - 09:37 AM

Thanks CatByte, I downloaded TDSSKiller from the link to the desktop but it would not open. I also tried renaming the file but it still would not open.

#4 CatByte (Malware Response Team)

Posted 20 May 2011 - 09:42 AM

OK

Leave TDSSKiller for now and let's try the following:

Delete the version of ComboFix that you have on your desktop and download this version from here: http://download.bleepingcomputer.com/sUBs/ComboFix_N.exe

Now boot into Safe Mode with Networking and try running it from there.


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account



#5 samson1nite (Topic Starter)

Posted 20 May 2011 - 11:49 AM

ComboFix seems to have stalled... I won't do anything until I hear from you. Thanks.

#6 CatByte (Malware Response Team)

Posted 20 May 2011 - 01:25 PM

Hi,

How far did it get? Did it start going through the various stages?

There are fifty

Sometimes it can take quite a long time and appear as though it has stalled.


If you are certain it has stalled, please open task manager and look for processes pev.exe, sed.exe or cfxxx.exe and end the task if it is there.

Then delete the copy from your desktop and download a fresh copy, but rename it to iexplore before saving it, then give it another try in Safe Mode.



#7 samson1nite (Topic Starter)

Posted 20 May 2011 - 07:29 PM

Hi, it stalled again about 2 minutes in, same as last time. I waited a couple of hours but nothing. Thanks.

#8 CatByte (Malware Response Team)

Posted 20 May 2011 - 07:33 PM

Hi

Please run the following:

  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt and save it to your Desktop. (You may need to right click on it and select "Save")
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic



#9 samson1nite (Topic Starter)

Posted 20 May 2011 - 09:05 PM

OK, here are the reports.



OTL logfile created on: 5/20/2011 9:46:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\student\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.63 Gb Total Space | 96.40 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
Drive D: | 33.42 Gb Total Space | 33.24 Gb Free Space | 99.45% Space Free | Partition Type: NTFS

Computer Name: ACER2480 | User Name: Student | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 21:38:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\student\Desktop\OTL.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/20 21:38:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\student\Desktop\OTL.exe
MOD - [2011/01/11 04:27:10 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
MOD - [2011/01/10 21:21:34 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/23 16:28:08 | 000,073,728 | ---- | M] (Applied Educational Systems) [Auto | Stopped] -- C:\Program Files\AES\webTRAC\AesAgent.exe -- (AesAgent)
SRV - [2007/06/11 19:14:16 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/11 15:51:00 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - [2011/05/20 21:26:24 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E434813-35F6-48B4-B57A-902CA5A01E2B}\MpKsle5e933ff.sys -- (MpKsle5e933ff)
DRV - [2011/05/20 17:07:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E434813-35F6-48B4-B57A-902CA5A01E2B}\MpKsl7618a4fc.sys -- (MpKsl7618a4fc)
DRV - [2011/05/20 12:25:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7E434813-35F6-48B4-B57A-902CA5A01E2B}\MpKsl03de9cd3.sys -- (MpKsl03de9cd3)
DRV - [2010/10/28 10:28:58 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101027.007\navex15.sys -- (NAVEX15)
DRV - [2010/10/28 10:28:54 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101027.007\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/28 10:28:53 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/19 08:30:42 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/16 11:10:06 | 000,132,480 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/24 19:35:00 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/12 15:55:32 | 000,164,864 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/12/30 04:02:32 | 001,346,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/05 16:01:02 | 000,254,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2007/10/01 14:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/09/20 21:26:48 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/06 10:35:42 | 000,034,671 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/06/21 14:03:00 | 000,513,664 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2007/06/11 19:14:00 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/03/06 22:17:00 | 000,691,712 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athr.sys -- (athr)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/11/22 08:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/11/15 08:00:58 | 000,528,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/10/27 16:53:00 | 000,043,568 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2006/09/25 09:54:00 | 000,160,209 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/06/12 22:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/10 00:38:24 | 000,006,909 | R--- | M] (Conexant Systems, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UIUSYS.SYS -- (UIUSys)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/03 17:50:00 | 000,038,416 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/11/22 10:51:00 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/27 16:15:00 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2005/10/12 13:12:00 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:00 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/06/10 10:01:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2005/05/26 18:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/01/03 14:51:00 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/06/01 18:19:00 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2003/02/26 14:51:00 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/division/146
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin

[2011/04/20 18:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\student\Application Data\Mozilla\Extensions
[2011/05/17 23:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\student\Application Data\Mozilla\Firefox\Profiles\b9438it2.default\extensions

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [INPROCOMMWireless] File not found
O4 - HKLM..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe (Novell, Inc.)
O4 - HKLM..\Run: [iPrint Tray] C:\WINDOWS\System32\iprntctl.exe (Novell, Inc.)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] File not found
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: course.com ([sam2007] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hosting-questionmark.com ([]http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296494127015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296494112140 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\Stardock\MyColors\fastload.dll - C:\Program Files\Stardock\MyColors\fastload.dll (Stardock)
O24 - Desktop Components:1 () - https://owa1.mvctc.com/owa
O24 - Desktop WallPaper: C:\Documents and Settings\student\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\student\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/03 06:55:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/20 10:11:39 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{12355ccb-e670-11de-9698-00255694718f}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\Explore\command - "" = autorun.exe
O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\Open\command - "" = autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^student^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: Netlogon - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: LanmanWorkstation - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - Service
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Netlogon - Service
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NtLmSsp - Service
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

========== Files/Folders - Created Within 30 Days ==========

[2011/05/20 21:38:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\student\Desktop\OTL.exe
[2011/05/20 12:36:26 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/05/20 11:58:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/20 11:58:54 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/20 11:58:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/20 11:58:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/20 11:58:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/20 11:58:34 | 000,000,000 | --SD | C] -- C:\ComboFix_N
[2011/05/20 11:50:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/20 11:50:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\student\Start Menu\Programs\Administrative Tools
[2011/05/20 10:22:21 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\student\Desktop\TDSSKiller.exe
[2011/05/18 21:51:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Desktop\gmer
[2011/05/18 16:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/18 16:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/05/18 16:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/18 16:01:03 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\student\Desktop\spywareblastersetup44.exe
[2011/05/17 23:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/17 16:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Application Data\SUPERAntiSpyware.com
[2011/05/17 16:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/17 16:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/17 16:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/17 15:58:44 | 011,156,920 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\student\Desktop\SUPERAntiSpyware.exe
[2011/05/16 22:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Local Settings\Application Data\Secunia PSI
[2011/05/16 22:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/05/16 22:37:26 | 001,739,400 | ---- | C] (Secunia) -- C:\Documents and Settings\student\Desktop\PSISetup.exe
[2011/05/16 21:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/16 20:50:37 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\student\Desktop\mbam-setup.exe
[2011/05/16 20:42:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\student\Recent
[2011/05/16 17:16:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Desktop\tdsskiller
[2011/05/16 14:39:57 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\student\Desktop\abc.com.exe
[2011/05/16 13:57:05 | 004,290,788 | R--- | C] (Swearware) -- C:\Documents and Settings\student\Desktop\iExplore.exe
[2011/05/15 23:02:39 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/15 20:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/15 20:18:26 | 007,866,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\student\Desktop\mseinstall.exe
[2011/05/15 16:50:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\Start Menu\Programs\Windows XP Recovery
[2011/05/14 21:41:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/05/14 21:41:37 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250L.dll
[2011/05/14 21:41:37 | 000,110,592 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250I.dll
[2011/05/14 21:41:36 | 001,310,720 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250C.dll
[2011/05/14 21:41:36 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC250U.dll
[2011/05/14 21:41:36 | 000,015,872 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNHMCA.dll
[2011/05/14 21:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/14 21:37:57 | 000,272,384 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9W.DLL
[2011/05/14 21:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2011/05/14 21:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP250 series
[2011/05/14 21:37:37 | 000,178,176 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIU9W.DLL
[2011/05/14 21:37:37 | 000,090,112 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC250O.dll
[2011/05/14 21:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\CanonBJ
[2011/05/14 14:17:42 | 001,039,128 | ---- | C] (PC Drivers HeadQuarters ) -- D:\My Documents\DriverInstaller_DT.exe
[2011/05/14 13:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\student\My Documents
[2011/05/13 22:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/05/13 20:27:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/05/13 20:17:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/13 20:17:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/13 20:09:31 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/13 20:09:31 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/13 20:07:16 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/13 20:02:41 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/05/13 19:41:58 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/05/13 19:26:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/07/23 18:37:55 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2009/07/23 18:37:46 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/07/05 12:53:08 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/20 21:38:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\student\Desktop\OTL.exe
[2011/05/20 21:37:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/20 21:36:26 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/20 21:35:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/20 21:31:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/20 21:29:15 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C7EBB57B-A9EE-42B6-BEC0-B4DDC8669D52}.job
[2011/05/20 17:22:05 | 004,290,788 | R--- | M] (Swearware) -- C:\Documents and Settings\student\Desktop\iExplore.exe
[2011/05/20 10:22:38 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\student\Desktop\TDSSKiller.exe
[2011/05/20 10:16:48 | 001,280,208 | ---- | M] () -- C:\Documents and Settings\student\Desktop\tdsskiller.zip
[2011/05/19 20:51:32 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\student\Desktop\Microsoft Office Word 2007.lnk
[2011/05/19 13:36:29 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\student\Desktop\dds.scr
[2011/05/19 13:28:19 | 000,466,192 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/19 13:28:19 | 000,079,806 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/18 21:48:12 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\student\Desktop\gmer.zip
[2011/05/18 16:05:23 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\student\Desktop\SpywareBlaster.lnk
[2011/05/18 16:01:03 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\student\Desktop\spywareblastersetup44.exe
[2011/05/17 16:00:46 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/17 15:58:43 | 011,156,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\student\Desktop\SUPERAntiSpyware.exe
[2011/05/16 22:41:08 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/16 22:37:26 | 001,739,400 | ---- | M] (Secunia) -- C:\Documents and Settings\student\Desktop\PSISetup.exe
[2011/05/16 22:02:43 | 000,502,095 | ---- | M] () -- C:\Documents and Settings\student\Desktop\unhide.exe
[2011/05/16 21:20:05 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/16 21:01:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 20:44:48 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-MAGL3.exe
[2011/05/16 20:44:48 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-MAGL3.msg
[2011/05/16 20:44:48 | 000,000,309 | ---- | M] () -- C:\WINDOWS\is-MAGL3.lst
[2011/05/16 20:30:36 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\student\Desktop\mbam-setup.exe
[2011/05/16 16:30:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\student\defogger_reenable
[2011/05/16 16:28:04 | 000,050,477 | ---- | M] () -- D:\My Documents\Defogger.exe
[2011/05/16 16:28:04 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\student\Desktop\Defogger.exe
[2011/05/16 14:39:56 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\student\Desktop\abc.com.exe
[2011/05/16 14:29:23 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\student\Desktop\rkill.exe
[2011/05/16 14:06:51 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\student\Desktop\rkill.com
[2011/05/16 12:08:41 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\student\Local Settings\Application Data\housecall.guid.cache
[2011/05/15 20:34:38 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/15 20:18:26 | 007,866,472 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\student\Desktop\mseinstall.exe
[2011/05/15 16:50:50 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\student\Desktop\Windows XP Recovery.lnk
[2011/05/15 16:50:50 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18931492
[2011/05/15 16:50:49 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18931492r
[2011/05/15 16:50:35 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18931492
[2011/05/14 22:13:01 | 000,000,011 | ---- | M] () -- C:\WINDOWS\NetWare.INI
[2011/05/14 21:42:45 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2011/05/14 21:35:03 | 021,136,784 | ---- | M] () -- D:\My Documents\mp250swin104ea24.exe
[2011/05/14 21:35:03 | 021,136,784 | ---- | M] () -- C:\Documents and Settings\student\Desktop\mp250swin104ea24.exe
[2011/05/14 19:20:55 | 005,089,334 | ---- | M] () -- D:\My Documents\Zune-Zodiac.themepack
[2011/05/14 14:17:49 | 001,039,128 | ---- | M] (PC Drivers HeadQuarters ) -- D:\My Documents\DriverInstaller_DT.exe
[2011/05/13 23:12:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/13 22:53:37 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/13 17:45:48 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\student\Desktop\Microsoft Office PowerPoint 2007.lnk
[4 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/20 11:58:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/20 11:58:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/20 11:58:54 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/20 11:58:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/20 11:58:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/20 10:16:35 | 001,280,208 | ---- | C] () -- C:\Documents and Settings\student\Desktop\tdsskiller.zip
[2011/05/19 13:36:30 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\student\Desktop\dds.scr
[2011/05/18 21:48:10 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\student\Desktop\gmer.zip
[2011/05/18 16:05:23 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\student\Desktop\SpywareBlaster.lnk
[2011/05/17 16:00:46 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/16 22:41:08 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2011/05/16 22:41:08 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/05/16 22:19:02 | 000,050,477 | ---- | C] () -- D:\My Documents\Defogger.exe
[2011/05/16 22:02:44 | 000,502,095 | ---- | C] () -- C:\Documents and Settings\student\Desktop\unhide.exe
[2011/05/16 21:20:05 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/16 21:01:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 20:44:48 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-MAGL3.exe
[2011/05/16 20:44:48 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-MAGL3.msg
[2011/05/16 20:44:48 | 000,000,309 | ---- | C] () -- C:\WINDOWS\is-MAGL3.lst
[2011/05/16 16:30:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\student\defogger_reenable
[2011/05/16 16:29:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\student\Desktop\Defogger.exe
[2011/05/16 14:29:12 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\student\Desktop\rkill.exe
[2011/05/16 14:06:40 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\student\Desktop\rkill.com
[2011/05/16 12:08:41 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\student\Local Settings\Application Data\housecall.guid.cache
[2011/05/15 23:05:17 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/15 20:39:12 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/15 20:34:38 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/15 16:50:50 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\student\Desktop\Windows XP Recovery.lnk
[2011/05/15 16:50:49 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18931492r
[2011/05/15 16:50:49 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18931492
[2011/05/15 16:50:35 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18931492
[2011/05/14 21:53:45 | 021,136,784 | ---- | C] () -- D:\My Documents\mp250swin104ea24.exe
[2011/05/14 21:41:37 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\CNC173AD.TBL
[2011/05/14 21:35:03 | 021,136,784 | ---- | C] () -- C:\Documents and Settings\student\Desktop\mp250swin104ea24.exe
[2011/05/14 19:20:55 | 005,089,334 | ---- | C] () -- D:\My Documents\Zune-Zodiac.themepack
[2011/05/13 20:46:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/23 10:35:11 | 000,000,709 | ---- | C] () -- C:\WINDOWS\LMAAX2DD.ini
[2009/12/17 10:29:23 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2009/10/01 10:13:48 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2009/07/24 08:16:05 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/07/23 23:34:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/07/23 18:37:55 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/07/23 18:37:55 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2009/07/23 18:37:55 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2009/07/23 18:32:31 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll
[2009/07/23 18:23:33 | 000,090,772 | R--- | C] () -- C:\WINDOWS\System32\drivers\RtConvEQ.DAT
[2009/07/23 18:23:33 | 000,000,536 | R--- | C] () -- C:\WINDOWS\System32\drivers\RtHdatEx.dat
[2009/07/23 18:23:33 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat
[2009/07/23 18:05:12 | 000,004,343 | R--- | C] () -- C:\WINDOWS\System32\lpgun.ini
[2009/07/23 18:04:57 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/06/09 09:56:00 | 000,058,672 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008/12/04 15:57:31 | 000,000,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2008/12/04 15:57:31 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2008/12/04 15:57:31 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2008/12/04 15:57:31 | 000,000,016 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2008/12/04 15:52:55 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/12/04 15:52:55 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2008/12/04 15:52:55 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2008/06/16 17:56:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/06/16 17:56:55 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008/06/16 16:35:08 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/16 16:35:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/16 12:53:28 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\Desktop_.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/09 08:00:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/05/07 09:38:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/06 16:12:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/07/06 11:02:12 | 000,001,500 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2007/07/05 13:00:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\Cadzone.ini
[2007/07/05 12:46:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\icapture.exe
[2007/07/05 12:46:47 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2007/07/05 12:46:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nipplpte.exe
[2007/07/05 11:52:27 | 000,003,699 | ---- | C] () -- C:\WINDOWS\System32\iprint.ini
[2007/07/05 11:48:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/05 10:47:08 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2007/07/05 10:30:27 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\student\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/05 10:09:16 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007/07/05 10:09:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007/07/05 09:23:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2007/07/05 09:23:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2007/07/05 09:23:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\PSDCWIN.INI
[2007/07/05 09:23:23 | 000,000,534 | ---- | C] () -- C:\WINDOWS\PSDWIN.INI
[2007/07/03 21:32:34 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/07/03 17:27:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/03 09:48:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/07/03 06:58:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/07/03 06:52:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/07/03 02:48:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/07/03 02:47:23 | 000,356,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/29 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\vmdcr.dll
[2007/06/29 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\amcdr.dll
[2007/06/21 10:09:00 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007/06/13 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\rkeyds.sys
[2007/06/13 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\jrdgl.dll
[2007/05/29 00:00:00 | 000,014,056 | ---- | C] () -- C:\WINDOWS\System32\emlks.dll
[2007/04/13 09:41:00 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2006/12/20 03:01:36 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ml405Pl3.dll
[2006/06/12 22:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2005/06/10 10:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2004/11/29 10:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/09 10:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2003/12/18 10:29:00 | 000,001,724 | ---- | C] () -- C:\WINDOWS\System32\vipx.exe
[2003/06/24 08:07:28 | 000,111,338 | ---- | C] () -- C:\WINDOWS\CheckForNewInstall.EXE
[2003/06/24 08:06:58 | 000,111,457 | ---- | C] () -- C:\WINDOWS\ParseUninstallPath.EXE
[2003/06/20 13:03:08 | 000,111,069 | ---- | C] () -- C:\WINDOWS\RunMSIEXEC.EXE
[2003/03/11 11:53:26 | 000,112,043 | ---- | C] () -- C:\WINDOWS\FixTalkTIRegistry.EXE
[2002/04/29 12:36:22 | 000,111,390 | ---- | C] () -- C:\WINDOWS\parseuninstallpath1.EXE
[2002/04/01 16:14:52 | 000,111,328 | ---- | C] () -- C:\WINDOWS\CheckForOldInstall.EXE
[2002/04/01 14:16:48 | 000,111,282 | ---- | C] () -- C:\WINDOWS\SetTrademark.EXE
[2001/10/23 10:14:00 | 000,012,736 | ---- | C] () -- C:\WINDOWS\System32\cmdinfo.exe
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,466,192 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,079,806 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/10/30 11:04:00 | 000,000,209 | ---- | C] () -- C:\WINDOWS\Ic32.ini
[2000/01/20 09:15:00 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/07/22 19:07:00 | 000,015,898 | ---- | C] () -- C:\WINDOWS\System32\vlmsup.exe
[1999/01/11 04:37:00 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996/05/14 09:50:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 08:36:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 5/20/2011 9:46:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\student\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.63 Gb Total Space | 96.40 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
Drive D: | 33.42 Gb Total Space | 33.24 Gb Free Space | 99.45% Space Free | Partition Type: NTFS

Computer Name: ACER2480 | User Name: Student | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
"{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye webcam 2.2.0.2
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7952CA2-A925-4CA1-A934-A46E8EC9CA18}" = Acer Crystal Eye Webcam 1.0.1.3
"{FBB03DB7-D884-4FD2-98C7-58B9ED718B1C}" = SAM 2007 Content Player
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = ATI - Software Uninstall Utility
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"Bridge Building Game" = Bridge Building Game
"CCleaner" = CCleaner (remove only)
"Comprehensive Medical Terminology, 2nd Edition" = Comprehensive Medical Terminology, 2nd Edition
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inspiration 7.5" = Inspiration 7.5
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterAct Math Elem and Interm Alg 3e BEJ" = InterAct Math Elem and Interm Alg 3e BEJ
"Lexmark_HostCD" = Lexmark Software Uninstall
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"LManager" = Launch Manager
"LPCO" = Intel® Graphics Media Accelerator 500
"Macromedia Authorware Web Player" = Macromedia Authorware Web Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MicroType 3.0" = MicroType 3.0
"Milady's Standard Cosmetology" = Milady's Standard Cosmetology
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NDCMedisoft Advanced Patient Accounting 9 SP 1" = NDCMedisoft Advanced Patient Accounting 9 SP 1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Novell iPrint Client" = Novell iPrint Client v04.32.00
"NVIDIA Drivers" = NVIDIA Drivers
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Sketchpad" = Sketchpad
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SRI Client" = SRI Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Crime Zone 6.0" = The Crime Zone 6.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"webTRAC" = AES webTRAC
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#10 CatByte


Posted 20 May 2011 - 10:04 PM

Hi

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O33 - MountPoints2\{12355ccb-e670-11de-9698-00255694718f}\Shell\AutoRun\command - "" = E:\Setup.exe
    O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
    O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\Explore\command - "" = autorun.exe
    O33 - MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\Shell\Open\command - "" = autorun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    [2011/05/15 16:50:50 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\student\Desktop\Windows XP Recovery.lnk
    [2011/05/15 16:50:50 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18931492
    [2011/05/15 16:50:49 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18931492r
    [2011/05/15 16:50:35 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18931492
    
    
    
    :Commands
    [emptyflash]
    [purity]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT



  • Run OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the NONE button on the top menu bar
  • Under the Custom Scan box paste this in

    %SYSTEMDRIVE%\volsnap.* /s 
    
    
  • Click the Run Scan button. Do not change any other settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.





NEXT



Submit a file to VirusTotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\WINDOWS\is-MAGL3.exe
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Do the same for the following files:

C:\WINDOWS\is-MAGL3.msg
C:\WINDOWS\is-MAGL3.lst

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 samson1nite


Posted 21 May 2011 - 12:25 PM

Here are the reports from the OTL procedures you requested.

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12355ccb-e670-11de-9698-00255694718f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12355ccb-e670-11de-9698-00255694718f}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
File autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e15e06f8-77aa-11de-9649-00265e1fc45f}\ not found.
File autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Documents and Settings\student\Desktop\Windows XP Recovery.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~18931492 moved successfully.
C:\Documents and Settings\All Users\Application Data\~18931492r moved successfully.
C:\Documents and Settings\All Users\Application Data\18931492 moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 348 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: student
->Flash cache emptied: 29038 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05212011_125654



OTL logfile created on: 5/21/2011 1:13:48 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\student\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 115.63 Gb Total Space | 96.40 Gb Free Space | 83.37% Space Free | Partition Type: NTFS
Drive D: | 33.42 Gb Total Space | 33.24 Gb Free Space | 99.45% Space Free | Partition Type: NTFS

Computer Name: ACER2480 | User Name: Student | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< %SYSTEMDRIVE%\volsnap.* /s >
[2004/08/03 23:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2001/08/23 08:00:00 | 000,001,095 | ---- | M] () -- C:\WINDOWS\inf\volsnap.inf
[2007/07/03 02:48:14 | 000,004,964 | ---- | M] () -- C:\WINDOWS\inf\volsnap.PNF
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys

< >

< >

< >

< >

< End of report >
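An added example, not from the thread and not OTL's own code: a small Python parser for the OTL file-entry lines in the custom scan above, which compares the live C:\WINDOWS\system32\drivers\volsnap.sys against the ServicePackFiles cache copy on size, timestamp and signer name. The sample input is the five scan lines embedded as a constructed string; the function names are my own.

```python
import re

# Constructed sample input: the five lines OTL printed for the custom scan
# "%SYSTEMDRIVE%\volsnap.* /s" in the log above (values copied from it).
OTL_SCAN = r"""
[2004/08/03 23:00:18 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
[2001/08/23 08:00:00 | 000,001,095 | ---- | M] () -- C:\WINDOWS\inf\volsnap.inf
[2007/07/03 02:48:14 | 000,004,964 | ---- | M] () -- C:\WINDOWS\inf\volsnap.PNF
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
"""

# OTL file entry: [date time | size | attributes | M/C] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| \S+ \| [MC]\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse_otl(text):
    """Return one dict per file entry; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"ts": m["ts"], "size": int(m["size"].replace(",", "")),
                            "company": m["company"], "path": m["path"]})
    return entries

def check_driver(entries, name="volsnap.sys"):
    """Compare the live driver with the ServicePackFiles cache copy.
    Returns a list of findings; an empty list means size, timestamp and
    signer name all agree (as they do in the log above)."""
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get(f"c:\\windows\\system32\\drivers\\{name}")
    cache = by_path.get(f"c:\\windows\\servicepackfiles\\i386\\{name}")
    if live is None:
        return [f"{name} missing from system32\\drivers"]
    if cache is None:
        return ["no ServicePackFiles copy to compare against"]
    findings = []
    for field, label in (("size", "size"), ("ts", "timestamp"), ("company", "company")):
        if live[field] != cache[field]:
            findings.append(f"{label} differs: live {live[field]} vs cache {cache[field]}")
    return findings

if __name__ == "__main__":
    print(check_driver(parse_otl(OTL_SCAN)) or "live volsnap.sys matches cache copy")
```

A match here only says the listing is internally consistent: a kernel rootkit that has patched this driver can still hand clean bytes to every reader on the running system, which is why the thread goes on to replace the file from the offline Recovery Console anyway.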

#12 samson1nite


Posted 21 May 2011 - 12:51 PM

Here are the results from VirusTotal:

http://www.virustotal.com/file-scan/report.html?id=b4eba70378b8cc9bd5bdd1531be59463a710b5a07be8ce74e9e53564680fa839-1305998919


http://www.virustotal.com/file-scan/report.html?id=ef65726bca941d7845d85f0402a6754e9f794e34ec6c9a1edd210dcd74e6568e-1305999416#


http://www.virustotal.com/file-scan/report.html?id=67bc32b6b29448c35e03dd98df449c0486c6c67f0d3c9050bfde8579649a1e8f-1305999571


Thanks again for your help

#13 CatByte


Posted 21 May 2011 - 02:41 PM

Hi

Please do the following:

1. Reboot your computer and as Windows starts it will present you with your startup options for exactly two seconds - you'll have to be quick - which in your case will be Microsoft Windows XP Professional and Microsoft Windows Recovery Console

2. With the arrow keys on your keyboard select the option listed as Microsoft Windows Recovery Console and press the enter key on your keyboard.

If it passes by too quickly, restart the machine again, and press F8. Once you're at the Advanced Boot Menu Options screen, select "Return to OS Choices", then choose Recovery Console from the next screen.

3. The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.

4. It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter.

5. You should now be presented with a C:\Windows> prompt

At that prompt, type in the following bolded text:

cd system32\drivers

Press Enter (you should now be at C:\windows\system32\drivers> prompt)

ren volsnap.sys volsnap.old

Press Enter -

Note - If you receive a message similar to 'invalid parameter or bad command', ensure you have a space between ren and volsnap.sys and another space between volsnap.sys and volsnap.old


Next, type in the following bolded text:

copy C:\WINDOWS\ServicePackFiles\i386\volsnap.sys c:\windows\system32\drivers\volsnap.sys

Press Enter

You should see a message '1 file copied'. If you did not see that message, try again and ensure there is a space after the word copy and another space between the file paths.


If you did see '1 file copied', type in exit, press Enter, and the system will reboot.

NEXT


Now re-try running both TDSSKiller and ComboFix



#14 samson1nite


Posted 21 May 2011 - 05:06 PM

on my advanced options menu my choices are:
Enable boot logging
Enable vga mode
Last known good config
directory services restore
debugging mode
disable automatic restart on system failure

Start windows normally
reboot
return to OS choices menu

When I click on return to OS choices it shows only XP professional and not recovery mode - thanks

#15 CatByte


Posted 21 May 2011 - 05:08 PM

OK,

I had hoped ComboFix had installed the recovery console prior to it crashing

Do you have your installation CD so that you can access the recovery console via the install disk?

If not, we'll have to make a disk

Please download ARCDC from Artellos.com.
  • Double click ARCDC.exe
  • Follow the dialog until you see 6 options. Please pick: Windows Professional SP2 & SP3
  • You will be prompted with a Terms of Use by Microsoft, please accept.
  • You will see a few dos screens flash by, this is normal.
  • Next you will be able to choose to add extra files. Select the Default Files.
  • The last window will allow you to burn the disk using BurnCDCC
Your ISO is located on your desktop.


Use that disk to access the recovery console and give the replacement another try.





