Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Desktop is gone

Started by jllaz , Nov 16 2009 08:29 PM

  • Please log in to reply

#76
chamber
Posted 13 December 2009 - 05:13 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Thanks,

Getting this checked out.

Can I just check though, do you have anything disabled in MSCONFIG?
  • 0

Advertisements

#77
jllaz
Posted 13 December 2009 - 06:15 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, msconfig is setup for a clean boot. Went into msconfig hide microsoft services and disable all the rest.
  • 0

#78
chamber
Posted 13 December 2009 - 11:28 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Ok,

We need to get another registry export.

Bring up a command prompt window and paste the following in.

reg query "HKLM\SYSTEM\CurrentControlSet\Control\hivelist" /s >hivelog.txt
start notepad hivelog.txt
exit
cls


Post the log here

Also,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
*ntuser.dat
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


If possible, would you be able to try and get an OTL log from normal mode?

Edited by chamber, 13 December 2009 - 11:28 AM.

  • 0

#79
jllaz
Posted 14 December 2009 - 12:14 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Here they are.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
\REGISTRY\MACHINE\HARDWARE REG_SZ
\REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume2\Windows\System32\config\security
\REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume2\Windows\System32\config\software
\REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\system
\REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume2\Windows\System32\config\default
\REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\sam
\REGISTRY\MACHINE\COMPONENTS REG_SZ \Device\HarddiskVolume2\Windows\System32\config\components
\REGISTRY\MACHINE\BCD00000000 REG_SZ \Device\HarddiskVolume2\Boot\BCD
\REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\ntuser.dat
\REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\ntuser.dat



SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:04 on 13/12/2009 by SYSTEM (Administrator - Elevation successful)

========== filefind ==========

Searching for "*ntuser.dat"
C:\ProgramData\ntuser.dat --a--- 262144 bytes [22:06 09/05/2007] [22:06 09/05/2007] 2BE4D67051C3E8046F935C33D97E89E5
C:\Users\All Users\ntuser.dat --a--- 262144 bytes [22:06 09/05/2007] [22:06 09/05/2007] 2BE4D67051C3E8046F935C33D97E89E5
C:\Users\Default\NTUSER.DAT --ahs- 262144 bytes [10:22 02/11/2006] [06:37 06/09/2009] 85C04A06AA62876BF2F7279C2972F481
C:\Users\Jerry\ntuser.dat --a--- 262144 bytes [14:53 04/12/2009] [12:35 09/12/2009] 6D11BAF98C0DEB12B13392891B0B4088
C:\Users\Public\ntuser.dat --a--- 262144 bytes [22:06 09/05/2007] [13:53 28/09/2009] 20413D4D3A6450EE6640E87C8618E68B
C:\Windows\ERDNT\Hiv-backup\Users\00000001\ntuser.dat --a--- 208896 bytes [23:11 28/11/2009] [23:11 28/11/2009] 6A9F46832978EEB81A8304CBBC8AEC50
C:\Windows\ERDNT\Hiv-backup\Users\00000002\ntuser.dat --a--- 208896 bytes [23:11 28/11/2009] [23:11 28/11/2009] E4E930A666859497DCE5F4B9B30C189C
C:\Windows\ERDNT\subs\Users\00000001\ntuser.dat --a--- 208896 bytes [02:00 24/11/2009] [02:00 24/11/2009] 30F9A30C983CBED8B09D78C1897B59F1
C:\Windows\ERDNT\subs\Users\00000002\ntuser.dat --a--- 208896 bytes [02:00 24/11/2009] [02:00 24/11/2009] 780A635E5519BDEB6A7E036B0955C9E7
C:\Windows\ServiceProfiles\LocalService\ntuser.dat --a--- 208896 bytes [12:47 02/11/2006] [06:03 14/12/2009] (Unable to calculate MD5)
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat --ahs- 262144 bytes [12:47 02/11/2006] [06:03 14/12/2009] (Unable to calculate MD5)

-=End Of File=-
  • 0

#80
jllaz
Posted 14 December 2009 - 12:32 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, this was runned in Normal Mode.


COTL logfile created on: 12/13/2009 11:18:11 PM - Run 2
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.41% Memory free
4.00 Gb Paging File | 3.41 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 184.84 Gb Total Space | 60.89 Gb Free Space | 32.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JERRY-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/11 20:28:55 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2009/09/05 22:38:15 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () -- C:\Program Files\BufferZone\ClntSvc.exe
PRC - [2008/12/22 17:14:24 | 00,065,240 | ---- | M] () -- C:\Program Files\BufferZone\BZRpcSs.exe
PRC - [2008/12/22 17:14:16 | 00,069,336 | ---- | M] () -- C:\Program Files\BufferZone\BZDcomLaunch.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/14 12:08:48 | 00,027,400 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe
PRC - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2007/02/27 16:57:48 | 00,716,456 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\ManagerApp\OneTouch.exe
PRC - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
PRC - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
PRC - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/11 20:28:55 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
MOD - [2008/12/22 17:14:50 | 00,167,640 | ---- | M] () -- C:\Program Files\BufferZone\RlHook.dll
MOD - [2008/12/22 17:14:28 | 00,134,360 | ---- | M] (www.madshi.net) -- C:\Windows\System32\madCHook.dll
MOD - [2008/01/18 22:26:36 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/08 20:09:30 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/06 19:42:27 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/06 07:49:44 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Virtual\Untrusted\C_\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc_Untrusted_BZ)
SRV - [2009/09/05 20:27:38 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/12/22 17:14:26 | 00,797,080 | ---- | M] () [Auto | Running] -- C:\Program Files\BufferZone\ClntSvc.exe -- (BufferZoneSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/07 08:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Start_Pending] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/09 15:16:34 | 01,862,144 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - [2007/04/27 20:15:46 | 00,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/20 14:22:06 | 00,114,344 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)
SRV - [2007/03/15 13:48:26 | 00,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/02 14:56:52 | 00,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 17:50:26 | 00,063,096 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 17:47:50 | 00,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/22 12:11:50 | 00,108,064 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/12/19 23:15:44 | 00,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/11/14 20:33:10 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/11/02 19:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 07:36:32 | 00,303,104 | ---- | M] (Sonic Solutions) [Auto | Stop_Pending] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2006/10/27 07:35:16 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/10/27 07:33:00 | 00,159,744 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/10/26 23:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 21:14:42 | 00,057,344 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2006/10/26 21:14:16 | 00,294,912 | ---- | M] (Sonic Solutions) [Auto | Stop_Pending] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 12:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 16:39:48 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 18:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 18:39:49 | 00,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uzkwmzmy.sys -- (uzkwmzmy)
DRV - [2009/09/05 19:18:23 | 00,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/02 03:09:24 | 00,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/06/19 20:44:14 | 00,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/20 06:37:42 | 00,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/12/22 17:14:36 | 00,350,424 | ---- | M] (BufferZone) [File_System | Boot | Running] -- C:\Windows\System32\drivers\REDLIGHT.SYS -- (REDLIGHT)
DRV - [2008/11/17 14:40:22 | 03,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/14 06:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/02/11 18:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 18:36:10 | 02,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008/02/06 02:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/11/14 11:29:18 | 00,047,120 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/11/09 04:00:52 | 00,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/27 20:13:58 | 00,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/03/12 19:48:56 | 00,351,744 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2007/03/06 20:39:20 | 00,694,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/02/14 14:11:26 | 01,740,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/26 17:13:40 | 00,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/12/09 01:01:02 | 02,206,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2006/11/28 15:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/27 11:19:26 | 00,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006/10/23 16:32:20 | 00,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 11:50:04 | 00,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/09/27 20:06:56 | 00,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2006/07/28 16:25:26 | 00,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2006/02/14 11:50:52 | 00,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2005/09/27 16:57:38 | 00,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2005/04/06 13:05:24 | 00,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (CBZurlmon Object) - {311BA51F-64F2-439D-9A4A-772373D77312} - C:\Program Files\BufferZone\BZbho.dll (Trustware)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/11 20:28:53 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2009/12/10 22:45:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Adobe
[2009/12/10 18:18:53 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Videos
[2009/12/10 18:18:53 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Pictures
[2009/12/10 18:18:53 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Music
[2009/12/10 18:18:53 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Downloads
[2009/12/10 18:16:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Identities
[2009/12/10 18:16:05 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Documents
[2009/12/07 18:58:45 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Chief Architect Full Version 11
[2009/12/07 17:22:28 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2009/12/03 09:28:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Roxio
[2009/12/03 08:22:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Shareaza
[2009/12/03 08:22:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Shareaza
[2009/12/02 23:18:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Malwarebytes
[2009/12/01 13:41:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp
[2009/12/01 13:37:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\WinRAR
[2009/12/01 10:25:47 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia
[2009/12/01 10:25:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe
[2009/12/01 10:23:30 | 00,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2009/12/01 10:15:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft
[2009/12/01 10:15:36 | 00,000,000 | ---D | C] -- C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft
[2009/12/01 10:15:35 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData
[2009/11/29 08:49:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/28 16:25:45 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/28 16:10:31 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/28 00:06:33 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/15 18:50:25 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/15 13:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malbytes' Anti-Malware
[2009/11/15 12:56:32 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/15 12:56:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 12:56:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/15 12:50:25 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/15 12:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2006/09/14 10:32:20 | 00,028,672 | R--- | C] ( ) -- C:\Windows\System32\DivXGraphBuilderCallback.dll

========== Files - Modified Within 30 Days ==========

[2009/12/13 23:16:27 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/13 23:16:26 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/13 23:16:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/13 23:15:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/13 23:15:30 | 21,371,20768 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/13 23:03:18 | 00,102,660 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\SystemLook.exe
[2009/12/11 20:28:55 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2009/12/11 20:25:24 | 02,469,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/10 22:54:19 | 03,023,392 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Documents\Decrypting Intelliforms 9-8-08.pdf
[2009/12/08 19:54:18 | 00,174,232 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/08 19:54:18 | 00,000,680 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
[2009/12/04 09:10:28 | 00,004,608 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 18:39:49 | 00,011,264 | ---- | M] () -- C:\Windows\System32\drivers\uzkwmzmy.sys
[2009/11/28 16:23:03 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/11/28 00:06:33 | 17,205,6329 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/23 19:08:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/20 14:37:17 | 00,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 14:37:17 | 00,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 14:37:17 | 00,000,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/15 13:02:20 | 00,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2009/12/13 23:15:30 | 21,371,20768 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/13 23:03:16 | 00,102,660 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\SystemLook.exe
[2009/12/10 22:54:19 | 03,023,392 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Documents\Decrypting Intelliforms 9-8-08.pdf
[2009/12/08 19:54:18 | 00,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2009/12/04 09:10:26 | 00,004,608 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 18:39:49 | 00,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uzkwmzmy.sys
[2009/11/28 00:06:07 | 17,205,6329 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/25 22:35:55 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/23 09:27:11 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/23 09:27:11 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/15 12:56:35 | 00,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 16:07:49 | 00,002,212 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/11 08:33:36 | 00,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/11 07:25:21 | 00,000,025 | ---- | C] () -- C:\Windows\EP_SPR380.ini
[2009/09/10 12:21:57 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/06 18:56:12 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/06 18:56:12 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/12/22 17:14:50 | 01,279,704 | ---- | C] () -- C:\Windows\System32\RlShellExt.dll
[2008/12/22 17:14:36 | 00,428,832 | ---- | C] () -- C:\Windows\System32\Ole2Plgin.dll
[2008/12/22 17:14:14 | 00,179,928 | ---- | C] () -- C:\Windows\System32\AM.dll
[2008/02/11 18:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/09 18:25:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/09 15:24:17 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/09 15:06:33 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:33 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dd02-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TMContainer00000000000000000002.regtrans-ms
[2007/05/09 15:06:32 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2007/05/09 15:06:32 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{26e3dcf2-fe70-11db-9767-0016d4904cfa}.TM.blf
[2007/05/09 15:06:32 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2007/05/09 15:06:32 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2007/05/09 14:58:17 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/09 14:58:17 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/09 14:58:17 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/09 14:58:16 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/09 14:58:16 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/09 14:58:16 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/09 14:30:52 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/09 14:30:51 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/09 14:30:51 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/09 14:30:51 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/03/06 12:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/24 07:48:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2006/11/10 08:17:52 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/26 22:02:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/10/26 22:02:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/11/23 14:55:42 | 00,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005/07/15 11:35:56 | 00,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 11:35:56 | 00,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2005/07/15 11:35:24 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[1996/02/01 17:25:42 | 00,943,616 | ---- | C] () -- C:\Windows\System32\dfolder.dll
< End of report >
  • 0

#81
chamber
Posted 14 December 2009 - 11:26 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Can you paste this into an elevated command prompt window.

reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000 /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\NTUSER.DAT
reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000_Classes /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\AppData\Local\Microsoft\Windows\UsrClass.dat

  • 0

#82
jllaz
Posted 14 December 2009 - 07:19 PM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, Am I supposed to get some kind of log?. I Did the Windows button+R and pasted the command somthing just flikered on the screen but I don't see a report.
  • 0

#83
chamber
Posted 15 December 2009 - 01:57 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Sorry,

I should have made my instructions more clear.

Click on the start button and in the search menu type cmd, right click on the command prompt icon and select run as administrator.

This will open an elevated command prompt window.

Copy and paste the contents of the code box,

reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000 /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\NTUSER.DAT
reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000_Classes /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\AppData\Local\Microsoft\Windows\UsrClass.dat

Reboot your computer and then log into your own account in normal mode.

Let me know how that goes.

:)
  • 0

#84
jllaz
Posted 17 December 2009 - 09:27 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Chamber, sorry I had not respond. I performed the above instructions, I rebooted in Normal Mode but everything still the same. I got the same message. I rebooted in safe mode again and now I can not log in with Network connection so I'm not able to get internet. I'm out in the field right now, when I get home I'll use my desktop to comunicate with you. and if you have any ideas let me know. thanks
  • 0

#85
chamber
Posted 17 December 2009 - 11:12 AM

chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

We need to get a new export.

Bring up a command prompt window and paste the following in.

reg query "HKLM\SYSTEM\CurrentControlSet\Control\hivelist" /s >hivelog2.txt
start notepad hivelog2.txt
exit
cls

Post the contents of hivelog2.txt

Edited by chamber, 17 December 2009 - 11:13 AM.

  • 0

Advertisements

#86
jllaz
Posted 17 December 2009 - 10:19 PM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I logged in as administrator in Normal Mode and here is the log.



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
\REGISTRY\MACHINE\HARDWARE REG_SZ
\REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume2\Windows\System32\config\security
\REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume2\Windows\System32\config\software
\REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\system
\REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume2\Windows\System32\config\default
\REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\sam
\REGISTRY\MACHINE\COMPONENTS REG_SZ \Device\HarddiskVolume2\Windows\System32\config\components
\REGISTRY\MACHINE\BCD00000000 REG_SZ \Device\HarddiskVolume2\Boot\BCD
\REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\ntuser.dat
\REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\ntuser.dat
\Registry\User\S-1-5-21-2604506643-2707541610-3872154351-500 REG_SZ \Device\HarddiskVolume2\Users\Administrator\NTUSER.DAT
\Registry\User\S-1-5-21-2604506643-2707541610-3872154351-500_Classes REG_SZ \Device\HarddiskVolume2\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat
  • 0

#87
noahdfear
Posted 17 December 2009 - 10:54 PM

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Hi jllaz,

chamber has requested some help with your complex problem. Please open an elevated command window as chamber described in post #83 above. Highlight and copy the contents of the code box below then right click in the command window and paste in the copied text.

@echo off
reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000 /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\NTUSER.DAT
reg add HKLM\SYSTEM\CurrentControlSet\Control\hivelist /v \REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000_Classes /t REG_SZ /d \Device\HarddiskVolume2\Users\Jerry\AppData\Local\Microsoft\Windows\UsrClass.dat
reg query HKLM\SYSTEM\CurrentControlSet\Control\hivelist >hivelog2.txt
dir %systemdrive%\Users\Jerry\NTUSER.DAT /a h >>hivelog2.txt
dir %systemdrive%\Users\Jerry\AppData\Local\Microsoft\Windows\UsrClass.dat /a h >>hivelog2.txt
start notepad hivelog2.txt
exit
cls

The window will close on it's own and a log will open. Please post the contents of that log here.
  • 0

#88
jllaz
Posted 18 December 2009 - 07:16 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Hi Noahdfear, glad you can help! Please tell Chamber, I appreciate all the help he has provided keep up the good work. Here is the log you requested.



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
\REGISTRY\MACHINE\HARDWARE REG_SZ
\REGISTRY\MACHINE\SECURITY REG_SZ \Device\HarddiskVolume2\Windows\System32\config\security
\REGISTRY\MACHINE\SOFTWARE REG_SZ \Device\HarddiskVolume2\Windows\System32\config\software
\REGISTRY\MACHINE\SYSTEM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\system
\REGISTRY\USER\.DEFAULT REG_SZ \Device\HarddiskVolume2\Windows\System32\config\default
\REGISTRY\MACHINE\SAM REG_SZ \Device\HarddiskVolume2\Windows\System32\config\sam
\REGISTRY\MACHINE\COMPONENTS REG_SZ \Device\HarddiskVolume2\Windows\System32\config\components
\REGISTRY\MACHINE\BCD00000000 REG_SZ \Device\HarddiskVolume2\Boot\BCD
\REGISTRY\USER\S-1-5-19 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\LocalService\ntuser.dat
\REGISTRY\USER\S-1-5-20 REG_SZ \Device\HarddiskVolume2\Windows\ServiceProfiles\NetworkService\ntuser.dat
\Registry\User\S-1-5-21-2604506643-2707541610-3872154351-500 REG_SZ \Device\HarddiskVolume2\Users\Administrator\NTUSER.DAT
\Registry\User\S-1-5-21-2604506643-2707541610-3872154351-500_Classes REG_SZ \Device\HarddiskVolume2\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat
\REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000 REG_SZ \Device\HarddiskVolume2\Users\Jerry\NTUSER.DAT
\REGISTRY\USER\S-1-5-21-2604506643-2707541610-3872154351-1000_Classes REG_SZ \Device\HarddiskVolume2\Users\Jerry\AppData\Local\Microsoft\Windows\UsrClass.dat

Volume in drive C is SQ008696V02
Volume Serial Number is 966B-2626

Directory of C:\Users\Jerry

12/17/2009 08:43 PM 524,288 ntuser.dat
1 File(s) 524,288 bytes

Directory of C:\Windows\system32

Volume in drive C is SQ008696V02
Volume Serial Number is 966B-2626

Directory of C:\Users\Jerry\AppData\Local\Microsoft\Windows

11/12/2009 01:02 AM 1,310,720 UsrClass.dat
1 File(s) 1,310,720 bytes

Directory of C:\Windows\system32
  • 0

#89
noahdfear
Posted 18 December 2009 - 08:05 AM

noahdfear

    Malware Expert

  • Expert
  • 1,316 posts
  • MVP
Everything appears to be in order now. Please Log Off the Administrator account and Logon to Jerry and let me know how things look.
  • 0

#90
jllaz
Posted 18 December 2009 - 08:31 AM

jllaz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Now I can't log in with my user acct. (Jerry). "The group policy client service failed to logon. access denied" message appears. I rebooted and tried to access my acct. the same message came up. I'm logged in as administrator again.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP