also @ TechSpot: Intel confirms a smartwatch is in the pipeline

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

"The maximum number of secrets that may be stored in a single system has exceeded..."

Discussion in 'Virus and Malware Removal' started by JimmaWat, Aug 22, 2011.

Page 3 of 5

Broni Malware Annihilator Posts: 40,051 +187

See here: http://forums.majorgeeks.com/showthread.php?t=216844

Broni, Aug 25, 2011

#41
JimmaWat Newcomer, in training Posts: 42

Hmm, I'm trying to get it to boot from my USB but it keeps telling me to remove disks and other media as it loads up and only works when I take out the USB. I think I just need to get the right settings. I'll keep trying tomorrow. If you think I'm doing anything wrong, feel free to tell me. Thanks.

JimmaWat, Aug 25, 2011

#42
JimmaWat Newcomer, in training Posts: 42

So, so far I've had no luck booting from my USB. I followed the instructions as it was written but it always tells me to "remove disks and other media". So I googled how to make a bootable USB and I've reformated over and over and even used an HP Drive Utility to reformat into a bootable USB, rechecked over and over to make sure the BIOS boots from the USB first but nothing changed.

I ended up going to cmd and did the command BootSect.exe /nt60 F: and copied the bootmgr file from the folders provided with the eeepcfr folder and it doesn't stop at "Remove Disks and Other Media" anymore but it takes me to a screen and tells me

File : BOOT/BCD
Status: 0xc000000f.
Info: An error occurred while attempting to read the boot configuration data.

Am I going in the right direction? Am I completely off? Is my computer just completely screwed? Lol, thanks.

JimmaWat, Aug 25, 2011

#43
Broni Malware Annihilator Posts: 40,051 +187

I suggest you get blank CDR (not RW) and try that way.

Broni, Aug 25, 2011

#44
JimmaWat Newcomer, in training Posts: 42

Got my hands on a CDR and booted Reatogo from the CD successfully. Ran the OTL scan.

Here is the log:

OTL logfile created on: 8/26/2011 3:42:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.94 Gb Total Space | 24.08 Gb Free Space | 15.95% Space Free | Partition Type: NTFS
Drive D: | 81.94 Gb Total Space | 1.89 Gb Free Space | 2.31% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (npkcmsvc)
SRV - File not found [Auto] -- -- (HDD & SSD access service)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/15 23:20:35 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/12 13:32:46 | 003,427,996 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/23 14:38:18 | 000,935,208 | -H-- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/24 14:18:20 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva389)
DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva387)
DRV - File not found [Kernel | On_Demand] -- -- (XDva386)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva383)
DRV - File not found [Kernel | On_Demand] -- -- (XDva380)
DRV - File not found [Kernel | On_Demand] -- -- (XDva375)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva354)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva351)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (XDva337)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva328)
DRV - File not found [Kernel | On_Demand] -- -- (XDva326)
DRV - File not found [Kernel | On_Demand] -- -- (XDva296)
DRV - File not found [Kernel | On_Demand] -- -- (XDva285)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (npkcrypt)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Auto] -- -- (adfs)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\HtsysmNT.sys -- (Htsysm)
DRV - [2009/10/13 04:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/07/13 04:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/06/08 10:44:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/12/26 13:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/30 18:07:10 | 001,073,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/04/27 11:14:54 | 003,626,112 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/16 21:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/10 22:55:04 | 000,084,240 | R--- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 16:49:00 | 001,094,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2008/03/07 00:57:12 | 000,106,624 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/03/06 12:51:14 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2004/08/03 21:07:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..network.proxy.backup.ftp: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "80.63.56.146"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 02:07:01 | 000,000,000 | ---D | M]

[2009/03/15 22:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/08/17 20:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions
[2010/08/08 16:21:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 20:59:41 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/04/01 18:08:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\moveplayer@movenetworks.com
[2011/03/27 15:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/19 09:10:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1748AX6.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2008/10/02 00:51:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/11 16:23:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/10 09:50:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/02/11 16:23:14 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/16 14:09:22 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011/04/30 11:16:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/24 14:00:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Administrator_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to kevin.lnk = C:\Documents and Settings\Administrator\Desktop\Bypass\kevin.exe (KevinSoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/01 21:46:40 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/22 14:16:13 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\AUTMGR32.EXE" /START "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 22:39:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/24 13:45:30 | 004,182,515 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/08/23 22:53:08 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/08/23 22:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/23 22:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/23 22:43:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/23 22:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/23 22:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/23 22:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/22 22:28:23 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/22 22:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/22 14:16:13 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2011/08/22 14:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Virus Secure Lab
[2011/08/22 13:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virus Secure Lab
[2011/08/18 17:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/08/18 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/08/18 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/08/17 23:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/17 23:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/17 22:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/08/17 22:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 22:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/17 22:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/17 22:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/08/17 21:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/08/17 20:30:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/17 20:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/17 20:17:57 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/08/17 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Hide-IP
[2011/08/17 12:37:25 | 000,000,000 | ---D | C] -- C:\CherryDeGames
[2011/08/16 14:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2011/08/11 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/08/07 19:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PCSX2
[2011/08/07 19:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSX2
[2011/08/07 19:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PCSX2 0.9.8
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 15:59:22 | 2678,984,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/25 15:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 22:48:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1767777339-725345543-500UA.job
[2011/08/24 22:08:05 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 14:00:12 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2011/08/24 14:00:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/08/24 14:00:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/24 13:59:58 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 03:48:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1767777339-725345543-500Core.job
[2011/08/24 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JIMMAWAT-Administrator.job
[2011/08/23 22:39:38 | 004,182,515 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/08/22 23:51:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/22 23:49:04 | 001,405,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/08/22 22:28:29 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/22 22:22:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nley09pc.exe
[2011/08/22 22:01:09 | 067,889,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_en.exe
[2011/08/22 19:28:41 | 000,096,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1006.pdf
[2011/08/22 14:06:08 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virus Effect Remover.lnk
[2011/08/18 21:14:30 | 000,967,934 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/08/18 18:21:37 | 000,493,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/18 18:21:37 | 000,084,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/18 13:09:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/18 00:32:32 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/08/18 00:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/08/17 22:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/08/17 21:51:07 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/17 20:23:43 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/17 20:23:43 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/16 14:09:23 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Orbit.lnk
[2011/08/16 14:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2011/08/16 14:05:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/11 14:40:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2011/08/08 00:58:20 | 000,614,403 | ---- | M] () -- C:\WINDOWS\BsSnap.pre
[2011/08/07 19:13:32 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/07 19:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSX2
[2011/08/06 18:30:17 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/08/06 02:09:10 | 000,515,578 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Snapshot of me 1.png
[2011/08/06 02:07:30 | 000,031,344 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 22.png
[2011/08/06 02:07:26 | 000,028,530 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 21.png
[2011/08/04 01:11:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/08/01 13:00:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 15:59:22 | 2678,984,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/23 22:43:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/23 22:43:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/23 22:43:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/23 22:43:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/23 22:43:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/22 23:48:54 | 001,405,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/08/22 22:22:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nley09pc.exe
[2011/08/22 21:59:26 | 067,889,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_en.exe
[2011/08/22 19:28:40 | 000,096,539 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1006.pdf
[2011/08/22 14:06:08 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virus Effect Remover.lnk
[2011/08/18 17:31:55 | 000,967,934 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/08/18 00:32:32 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/08/17 21:51:07 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/17 20:18:37 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/17 20:18:37 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/11 14:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/08/07 19:13:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/06 02:09:10 | 000,515,578 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Snapshot of me 1.png
[2011/08/06 02:07:30 | 000,031,344 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 22.png
[2011/08/06 02:07:26 | 000,028,530 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 21.png
[2011/06/26 15:48:06 | 000,001,301 | ---- | C] () -- C:\WINDOWS\IDChanger.ini
[2011/06/07 19:49:07 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2011/03/27 03:42:15 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/22 16:16:52 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2011/02/17 00:46:56 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\D2Info0
[2010/11/07 23:49:11 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/09/25 04:51:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/13 11:43:36 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/13 11:43:33 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/13 11:43:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/13 11:41:48 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/03 19:08:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010/07/03 19:01:29 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/06/12 12:56:39 | 000,001,199 | ---- | C] () -- C:\WINDOWS\PMontage.ini
[2010/06/12 02:29:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/07 19:58:48 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2010/04/08 21:50:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/12 22:20:33 | 000,014,042 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA
[2010/02/27 15:07:16 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/02/15 22:26:59 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/02/15 22:26:59 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/02/15 22:26:59 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/02/15 22:24:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/02/15 22:24:01 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/02/10 02:54:44 | 000,047,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 02:29:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2009/12/25 17:10:31 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/25 17:10:26 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/12/25 17:10:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/12/10 20:49:22 | 000,000,393 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2009/11/07 14:20:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/08/26 22:46:52 | 016,047,146 | ---- | C] () -- C:\Documents and Settings\Administrator\virgin.flv
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/21 23:44:44 | 092,700,842 | ---- | C] () -- C:\Documents and Settings\Administrator\43501.wmv
[2009/05/08 19:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/04/30 20:40:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/24 16:17:52 | 000,000,873 | ---- | C] () -- C:\WINDOWS\Njstarj.INI
[2009/04/23 00:27:06 | 000,001,235 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/10/07 09:32:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2008/10/02 16:51:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/02 00:13:45 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 00:08:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/02 00:08:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/02 00:08:06 | 002,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/10/02 00:08:05 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/02 00:08:05 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/02 00:08:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/02 00:01:13 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/01 23:40:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/01 22:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/01 22:01:40 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/01 21:56:04 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2008/10/01 21:55:58 | 000,000,188 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2008/10/01 21:48:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/01 21:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/01 14:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/01 14:23:01 | 003,747,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/04/29 16:46:27 | 000,000,031 | ---- | C] () -- C:\WINDOWS\psr.INI
[2004/08/03 21:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 21:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 21:07:00 | 000,493,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 21:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 21:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 21:07:00 | 000,084,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 21:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 21:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 21:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 21:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 21:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 21:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 21:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/01/25 08:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2002/01/25 08:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini

========== LOP Check ==========

[2008/10/01 23:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2011/02/17 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\app
[2011/08/02 22:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/06/01 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/01 23:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreCodec
[2009/06/09 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010/01/26 14:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Deckadance
[2011/02/18 09:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskAid
[2007/04/29 16:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Free Sound Recorder
[2008/10/01 23:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2011/06/26 15:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDCA
[2009/11/10 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/03/10 16:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2010/01/29 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mediafour
[2010/07/11 17:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Games
[2010/01/06 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2010/08/13 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeopleLauncherDFO
[2009/01/17 02:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
[2009/12/11 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NJStar
[2011/08/24 22:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2010/11/17 01:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Polynomial
[2011/01/29 23:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2011/08/17 21:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/06/24 14:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Recu
[2011/06/14 17:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/13 11:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/12/09 04:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2010/08/05 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2008/10/01 23:47:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/13 13:28:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/16 18:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/07 00:33:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

JimmaWat, Aug 26, 2011

#45

JimmaWat Newcomer, in training Posts: 42

[2011/08/17 20:30:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/09 20:21:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/01 04:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2010/02/09 16:30:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2011/08/17 22:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/08 20:50:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/18 18:10:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/14 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/08/06 18:30:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/23 10:07:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2011/08/24 02:06:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/18 22:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/02/15 22:26:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/08/18 00:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/06/07 20:32:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/09 04:06:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/10/01 22:26:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/06/08 09:57:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2011/08/24 02:07:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/21 17:24:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/02/17 19:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/07/30 15:00:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/06 17:50:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/08 11:27:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/09 13:14:47 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\Test.job

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: GDI32.DLL >
[2008/10/23 09:01:36 | 000,283,648 | ---- | M] (Microsoft Corporation) MD5=0C07B16769E579F78C541773D0A2E7E0 -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/10/23 09:01:36 | 000,283,648 | ---- | M] (Microsoft Corporation) MD5=0C07B16769E579F78C541773D0A2E7E0 -- C:\WINDOWS\system32\gdi32.dll
[2008/10/23 08:43:42 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=1C0D6C10F3E6B8EC4938ECF2ABA862ED -- C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll
[2008/10/23 08:51:04 | 000,284,160 | ---- | M] (Microsoft Corporation) MD5=6052410CB57D5522574E8DDAEFBC9D87 -- C:\WINDOWS\$hf_mig$\KB956802\SP2QFE\gdi32.dll
[2008/10/23 08:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=8B1F3320AEBB536E021A5014409862DE -- C:\WINDOWS\$hf_mig$\KB956802\SP3GDR\gdi32.dll
[2008/04/13 20:11:54 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\gdi32.dll
[2004/08/03 21:07:00 | 000,278,016 | ---- | M] (Microsoft Corporation) MD5=F5AEE133BF44521852819C2202D82453 -- C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll

========== Files - Unicode (All) ==========
[2011/05/13 17:38:38 | 000,031,744 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\?????.doc) -- C:\Documents and Settings\Administrator\Desktop\ドンジミー.doc
[2011/05/02 23:20:38 | 000,031,744 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\?????.doc) -- C:\Documents and Settings\Administrator\Desktop\ドンジミー.doc
[2009/12/11 14:01:09 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Administrator\Desktop\~$? ??12.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ンジミ12.doc
[2009/12/11 14:01:09 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Administrator\Desktop\~$? ??12.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ンジミ12.doc
[2009/10/28 12:58:42 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Administrator\Desktop\~$?? ???.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ドンジミー.doc
[2009/10/28 12:58:42 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Administrator\Desktop\~$?? ???.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ドンジミー.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >

JimmaWat, Aug 26, 2011

#46

Broni Malware Annihilator Posts: 40,051 +187

Do this on the computer you are posting from:
Copy the text in the codebox below:

Code:

:OTL
SRV - File not found [Auto] -- -- (npkcmsvc)
SRV - File not found [Auto] -- -- (HDD & SSD access service)
SRV - [2011/06/15 23:20:35 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
DRV - File not found [Kernel | On_Demand] -- -- (XDva389)
DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva387)
DRV - File not found [Kernel | On_Demand] -- -- (XDva386)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva383)
DRV - File not found [Kernel | On_Demand] -- -- (XDva380)
DRV - File not found [Kernel | On_Demand] -- -- (XDva375)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva354)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva351)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (XDva337)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva328)
DRV - File not found [Kernel | On_Demand] -- -- (XDva326)
DRV - File not found [Kernel | On_Demand] -- -- (XDva296)
DRV - File not found [Kernel | On_Demand] -- -- (XDva285)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
FF - prefs.js..network.proxy.backup.ftp: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "80.63.56.146"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.share_proxy_settings: true
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\AUTMGR32.EXE" /START "%1" %*
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[2011/03/27 03:42:15 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2010/03/12 22:20:33 | 000,014,042 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA


:Services

:Reg

:Files
C:\WINDOWS\system32\gdi32.dll|C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive

On the infected computer the following...

Run OTLPE

Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
- (The content of Fix.txt should appear in the box)
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log produced (you'll need to transfer it with USB stick)
Attempt to reboot normally into Windows.

Broni, Aug 26, 2011

#47

JimmaWat Newcomer, in training Posts: 42

Ran OTLPE and did a Fix. Here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npkcmsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDD & SSD access service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai deleted successfully.
C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva389 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva388 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva387 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva386 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva385 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva383 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva380 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva375 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva370 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva362 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva359 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva358 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva354 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva352 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva351 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva349 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva347 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva346 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva343 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva341 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva337 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva332 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva328 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva326 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva296 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva285 deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "80.63.56.146" removed from network.proxy.backup.ftp
Prefs.js: 8118 removed from network.proxy.backup.ftp_port
Prefs.js: "80.63.56.146" removed from network.proxy.backup.socks
Prefs.js: 8118 removed from network.proxy.backup.socks_port
Prefs.js: "80.63.56.146" removed from network.proxy.backup.ssl
Prefs.js: 8118 removed from network.proxy.backup.ssl_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET176.tmp deleted successfully.
C:\WINDOWS\System32\SET17E.tmp deleted successfully.
C:\WINDOWS\System32\SET1C5.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\Administrator\Desktop\~WRL0259.tmp deleted successfully.
C:\Documents and Settings\Administrator\Desktop\~WRL2552.tmp deleted successfully.
C:\~WRL0486.tmp deleted successfully.
C:\~WRL2040.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\18407220 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\gdi32.dll successfully replaced with C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 08262011_200032

JimmaWat, Aug 26, 2011

#48
JimmaWat Newcomer, in training Posts: 42

My computer can boot normally now. Yayyyyyy. Thanks! One less problem to worry about

JimmaWat, Aug 26, 2011

#49
Broni Malware Annihilator Posts: 40,051 +187

Excellent!
Let me see where we're at....
Hold on there.

Broni, Aug 26, 2011

#50
Broni Malware Annihilator Posts: 40,051 +187

Can you connect to the net?

Broni, Aug 26, 2011

#51
JimmaWat Newcomer, in training Posts: 42

No, not yet. I'm trying all the steps you gave me for the internet before. I'm about to use winsockfix now.

It was weird because I could connect to the internet when I booted with the CD, but not with normal booting.

JimmaWat, Aug 26, 2011

#52
Broni Malware Annihilator Posts: 40,051 +187

OK, let me know.

Broni, Aug 26, 2011

#53
JimmaWat Newcomer, in training Posts: 42

So far no luck. I did everything except for Reinstall BITS because it needs the XP install CD, which I'm looking for right now. But the internet still doesn't work.

JimmaWat, Aug 26, 2011

#54
Broni Malware Annihilator Posts: 40,051 +187
Please download MiniToolBox and run it.

Checkmark following boxes:

Flush DNS

Report IE Proxy Settings

Report FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Users, Partitions and Memory size

Click Go and post the result.
Broni, Aug 26, 2011

#55
JimmaWat Newcomer, in training Posts: 42

MiniToolBox by Farbar
Ran by Administrator (administrator) on 26-08-2011 at 20:19:44
Microsoft Windows XP Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", ""
"network.proxy.backup.ftp_port", ""
"network.proxy.backup.socks", ""
"network.proxy.backup.socks_port", ""
"network.proxy.backup.ssl", ""
"network.proxy.backup.ssl_port", ""
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : jimmawat

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : gateway.2wire.net

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-90-F5-8B-2C-33

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5300

Physical Address. . . . . . . . . : 00-16-EA-5F-CA-C4

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 255.255.255.255

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 90 f5 8b 2c 33 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
0x10004 ...00 16 ea 5f ca c4 ...... Intel(R) Wireless WiFi Link 5300
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 10003 1
255.255.255.255 255.255.255.255 255.255.255.255 10004 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [144384] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/26/2011 08:45:56 PM) (Source: M4iPodWPDDriver) (User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:45:55 PM) (Source: M4iPodWPDDriver) (User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:45:55 PM) (Source: M4iPodWPDDriver) (User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver) (User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver) (User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver) (User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver) (User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver) (User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver) (User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/24/2011 05:12:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031

System errors:
=============
Error: (08/16/2011 01:05:56 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.69 for the Network Card with network address 0016EA5FCAC4 has been
denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/16/2011 01:05:47 PM) (Source: Dhcp) (User: )
Description: The IP address lease 129.133.127.105 for the Network Card with network address 0090F58B2C33 has been
denied by the DHCP server 129.133.1.5 (The DHCP Server sent a DHCPNACK message).

Error: (08/15/2011 10:32:39 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0016EA5FCAC4. The following error
occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (08/15/2011 10:31:30 PM) (Source: Dhcp) (User: )
Description: The IP address lease 129.133.210.213 for the Network Card with network address 0016EA5FCAC4 has been
denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/15/2011 06:24:22 PM) (Source: Dhcp) (User: )
Description: The IP address lease 129.133.210.213 for the Network Card with network address 0016EA5FCAC4 has been
denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (08/14/2011 10:28:55 PM) (Source: Service Control Manager) (User: )
Description: The HDD & SSD access service service failed to start due to the following error:
%%3

Error: (08/14/2011 10:28:55 PM) (Source: Service Control Manager) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (08/14/2011 10:26:18 PM) (Source: Dhcp) (User: )
Description: The IP address lease 129.133.168.57 for the Network Card with network address 0016EA5FCAC4 has been
denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (08/14/2011 10:18:25 PM) (Source: Dhcp) (User: )
Description: The IP address lease 129.133.60.51 for the Network Card with network address 0090F58B2C33 has been
denied by the DHCP server 129.133.1.5 (The DHCP Server sent a DHCPNACK message).

Error: (08/14/2011 00:18:07 PM) (Source: Service Control Manager) (User: )
Description: The HDD & SSD access service service failed to start due to the following error:
%%3

Microsoft Office Sessions:
=========================
Error: (08/26/2011 08:45:56 PM) (Source: M4iPodWPDDriver)(User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:45:55 PM) (Source: M4iPodWPDDriver)(User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:45:55 PM) (Source: M4iPodWPDDriver)(User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver)(User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver)(User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:15:08 PM) (Source: M4iPodWPDDriver)(User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver)(User: )
Description: WmpContent::CreateInstance()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver)(User: )
Description: OpenConnection()0x80040154

Error: (08/26/2011 08:04:02 PM) (Source: M4iPodWPDDriver)(User: )
Description: DataConnection::OpenConnection()0x80040154

Error: (08/24/2011 05:12:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2554.81 MB
Available physical RAM: 1663.43 MB
Total Pagefile: 4443.71 MB
Available Pagefile: 3851.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:150.94 GB) (Free:23.93 GB) NTFS
2 Drive d: (Charmanchu) (Fixed) (Total:81.94 GB) (Free:1.89 GB) NTFS
5 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive h: () (Removable) (Total:3.75 GB) (Free:3.2 GB) NTFS

========================= Users: ========================================

User accounts for \\JIMMAWAT

Administrator ASPNET Guest
HelpAssistant HsUser_foE4nW6BPEh Jimmy
SUPPORT_388945a0

**** End of log ****

JimmaWat, Aug 26, 2011

#56
Broni Malware Annihilator Posts: 40,051 +187

There is definitely something wrong with your settings.

It may have something to do with a file which has been replaced by TDSSKiller - isapnp.sys

Did you find Windows XP CD?

Broni, Aug 26, 2011

#57
JimmaWat Newcomer, in training Posts: 42

Can't seem to find it. Can I download a Windows XP CD and put it on a USB?

JimmaWat, Aug 26, 2011

#58
Broni Malware Annihilator Posts: 40,051 +187
You can't download Windows. Legally at least.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.

Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator

Copy the content of the following box into the main textfield:

Code:

:filefind isapnp.sys

Click the Look button to start the scan.

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
Broni, Aug 27, 2011

#59
JimmaWat Newcomer, in training Posts: 42

Heh, my line of thought was that since I already own a legal copy of Windows, I would be able to download one as a backup legally. But if we don't need it for this, I won't.

Ran SystemLook.exe. Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 03:03 on 27/08/2011 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "isapnp.sys"
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\isapnp.sys --a---- 37248 bytes [22:30 25/10/2008] [18:36 13/04/2008] 05A299EC56E52649B1CF2FC52D20F2D7
C:\WINDOWS\system32\dllcache\isapnp.sys --a--c- 35840 bytes [01:07 04/08/2004] [17:58 17/08/2001] E504F706CCB699C2596E9A3DA1596E87
C:\WINDOWS\system32\drivers\isapnp.sys --a---- 35840 bytes [01:07 04/08/2004] [03:51 23/08/2011] E504F706CCB699C2596E9A3DA1596E87
C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys --a---- 35840 bytes [01:58 02/10/2008] [01:07 04/08/2004] E504F706CCB699C2596E9A3DA1596E87

-= EOF =-

JimmaWat, Aug 27, 2011

#60

Page 3 of 5

Topic Status:: Not open for further replies.

Add New Comment

	TechSpot Members Login or sign up for free, it takes about 30 seconds.			You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.