Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Corrupted or missing MSIMG32.DLL file with virus

Started by lashom35 , Jan 18 2010 10:17 AM

  • Please log in to reply

#1
lashom35
Posted 18 January 2010 - 10:17 AM

lashom35

    Member

  • Member
  • PipPip
  • 55 posts
I can not access the internet or run aniti virus software due to the missing or corrupted MSIMG32.DLL file. My logs are listed below. Any help or advice is greatly appreciated.

OTL logfile created on: 1/14/2010 11:03:52 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = H:\Geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 134.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 47.68 Gb Free Space | 64.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 976.13 Mb Total Space | 28.69 Mb Free Space | 2.94% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: DC4GDH31
Current User Name: Fuzzy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/11 18:29:56 | 00,544,256 | ---- | M] (OldTimer Tools) -- H:\Geeks\OTL.exe
PRC - [2009/01/26 14:31:16 | 02,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 03:43:08 | 00,083,264 | ---- | M] (WinEncrypt) -- C:\WINDOWS\SYSTEM32\wentxp.exe
PRC - [2005/03/01 14:52:10 | 01,695,744 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
PRC - [2005/02/21 12:05:02 | 05,595,136 | ---- | M] (Plextor SA/NV) -- C:\Program Files\Plextor\PlexTool.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2002/09/12 09:28:14 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/08/29 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
PRC - [2002/02/04 00:07:10 | 00,022,016 | ---- | M] (Inprise Corporation) -- C:\Program Files\Borland\Interbase\Bin\ibguard.exe
PRC - [2002/02/04 00:06:42 | 01,704,448 | ---- | M] (Inprise Corporation) -- C:\Program Files\Borland\Interbase\Bin\ibserver.exe


========== Modules (SafeList) ==========

MOD - [2010/01/11 18:29:56 | 00,544,256 | ---- | M] (OldTimer Tools) -- H:\Geeks\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/09/19 10:38:02 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008/09/19 10:37:58 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008/09/19 10:37:36 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/12/06 23:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/01/31 03:43:08 | 00,083,264 | ---- | M] (WinEncrypt) [Auto | Running] -- C:\WINDOWS\System32\wentxp.exe -- (wencrservice)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2002/02/04 00:07:10 | 00,022,016 | ---- | M] (Inprise Corporation) [Auto | Running] -- C:\Program Files\Borland\Interbase\Bin\ibguard.exe -- (InterBaseGuardian)
SRV - [2002/02/04 00:06:42 | 01,704,448 | ---- | M] (Inprise Corporation) [On_Demand | Running] -- C:\Program Files\Borland\Interbase\Bin\ibserver.exe -- (InterBaseServer)


========== Driver Services (SafeList) ==========

DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nuidfltr.sys -- (NuidFltr)
DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2008/05/20 19:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimUsb.sys -- (RimUsb)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/07/26 03:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/06/20 03:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 03:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/27 10:39:26 | 00,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/01/31 03:43:12 | 00,122,368 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WENCRNT4.sys -- (WENCRNT4)
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RimSerial.sys -- (RimVSerPort)
DRV - [2006/10/10 11:53:48 | 00,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/02/16 15:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/03/08 12:43:28 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - [2005/03/08 12:43:26 | 00,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - [2005/03/08 12:43:26 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - [2005/03/01 14:53:42 | 00,291,456 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/01 14:53:12 | 00,024,064 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/01 14:44:04 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/01 14:40:24 | 00,202,368 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/01 14:39:20 | 00,023,808 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/01 14:27:26 | 00,117,632 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/08/03 23:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/09/09 06:00:36 | 00,337,184 | R--- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WUSB20XP.sys -- (PRISM_A02)
DRV - [2003/05/02 15:19:00 | 01,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/03/04 11:56:26 | 00,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel®
DRV - [2003/02/28 09:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/10/29 16:38:10 | 00,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 16:37:36 | 01,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 16:31:28 | 00,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/10/07 09:29:48 | 00,011,027 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM)
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001/05/18 14:59:26 | 00,015,303 | ---- | M] (Efficient Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VVBETH.SYS -- (VVBETHERNET)
DRV - [2001/05/18 14:59:24 | 00,050,393 | ---- | M] (Efficient Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VVBUSUSB.SYS -- (vvbususb)
DRV - [2001/01/02 23:53:30 | 00,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\xbreader.sys -- (xbreader) MaxDrive XBox Driver (xbreader.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.search-1.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



[2008/07/15 20:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fuzzy\Application Data\Mozilla\Extensions
[2008/07/15 20:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Fuzzy\Application Data\Mozilla\Firefox\Profiles\6ewzjwep.default\extensions

O1 HOSTS File: (304055 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 64.237.37.47 auto.search.msn.com
O1 - Hosts: 217.20.175.74 www.review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 review.2009softwarereviews.com
O1 - Hosts: 217.20.175.74 a1.review.zdnet.com
O1 - Hosts: 217.20.175.74 www.d1.reviews.cnet.com
O1 - Hosts: 217.20.175.74 www.reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 reviews.toptenreviews.com
O1 - Hosts: 217.20.175.74 www.reviews.download.com
O1 - Hosts: 217.20.175.74 reviews.download.com
O1 - Hosts: 217.20.175.74 www.reviews.pcadvisor.c.uk
O1 - Hosts: 217.20.175.74 reviews.pcadvisor.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.pcmag.com
O1 - Hosts: 217.20.175.74 reviews.pcmag.com
O1 - Hosts: 217.20.175.74 www.reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 reviews.pcpro.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.reevoo.com
O1 - Hosts: 217.20.175.74 reviews.reevoo.com
O1 - Hosts: 217.20.175.74 www.reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 reviews.riverstreams.co.uk
O1 - Hosts: 217.20.175.74 www.reviews.techradar.com
O1 - Hosts: 217.20.175.74 reviews.techradar.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 10467 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O4 - HKLM..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe (Plextor SA/NV)
O4 - Startup: C:\Documents and Settings\Fuzzy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\svcpack.exe) - C:\WINDOWS\System32\svcpack.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Fuzzy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fuzzy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 08:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ba883bcc-1c5e-11de-afed-0007e926099a}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O33 - MountPoints2\{da13b1f6-0832-11dd-adf8-000f66179d6d}\Shell\AutoRun\command - "" = F:\CAEdgemobile.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/09/15 17:26:42 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/11 19:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Fuzzy\Desktop\logs
[2010/01/11 18:40:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/11 18:33:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/11 18:33:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/11 18:32:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/11 18:32:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/11 18:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/07 12:38:56 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/01/02 19:16:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2008/01/12 13:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/07/28 11:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/07/28 10:43:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2004/01/09 14:29:32 | 00,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\TAR32.DLL

========== Files - Modified Within 30 Days ==========

[2010/01/13 14:32:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/11 19:51:19 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/11 19:49:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/11 19:48:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/11 19:48:56 | 53,589,1968 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/11 19:47:59 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Fuzzy\NTUSER.INI
[2010/01/11 19:47:58 | 08,126,464 | ---- | M] () -- C:\Documents and Settings\Fuzzy\ntuser.dat
[2010/01/11 18:41:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 18:40:53 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Fuzzy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/11 18:40:51 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Fuzzy\Desktop\NTREGOPT.lnk
[2010/01/11 18:40:51 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Fuzzy\Desktop\ERUNT.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 12:16:25 | 00,387,722 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/01/07 12:16:25 | 00,055,782 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/01/07 12:16:24 | 00,450,390 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Fuzzy\Desktop\gmer.exe

========== Files Created - No Company Name ==========

[2010/01/11 20:03:56 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Desktop\gmer.exe
[2010/01/11 18:41:59 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/11 18:40:53 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/11 18:40:51 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Desktop\NTREGOPT.lnk
[2010/01/11 18:40:51 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Desktop\ERUNT.lnk
[2009/01/02 19:17:04 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Local Settings\Application Data\rx_image.Cache
[2008/11/09 12:09:12 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\WENCRNT4.sys
[2008/01/24 13:27:25 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/01/24 13:27:25 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/01/24 13:27:25 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/01/24 13:27:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/06/17 10:20:39 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Application Data\$_hpcst$.hpc
[2006/10/08 19:22:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/03/25 00:38:45 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\hndlt.ini
[2006/03/25 00:35:37 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\windll.ini
[2005/12/31 18:25:03 | 00,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameG.txt
[2005/12/16 18:36:28 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/26 11:54:57 | 00,000,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/11/23 17:40:12 | 00,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameF.txt
[2005/10/15 17:10:25 | 27,930,044 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Local Settings\Application Data\imageCache7.db
[2005/10/15 16:45:33 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2005/08/23 16:45:17 | 00,001,330 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Application Data\AdobeDLM.log
[2005/06/06 18:55:20 | 00,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2005/05/28 20:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004/12/04 09:03:26 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Local Settings\Application Data\fusioncache.dat
[2004/08/20 14:06:47 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/06/13 19:18:58 | 00,000,032 | ---- | C] () -- C:\WINDOWS\AMPlayer.INI
[2004/01/29 17:08:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\Lkdlib.dll
[2004/01/09 14:28:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\LK_FDEC.dll
[2003/12/01 19:13:37 | 00,000,120 | ---- | C] () -- C:\WINDOWS\cntrs.dll
[2003/11/30 15:49:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Application Data\dm.ini
[2003/11/22 14:48:59 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Fuzzy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/29 21:27:55 | 00,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/10/29 21:27:48 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/10/29 17:57:15 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2003/09/15 18:12:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/15 18:04:51 | 00,000,784 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/09/15 18:03:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/15 17:58:48 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/15 17:46:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/15 17:46:06 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/15 17:30:36 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/05/30 09:00:02 | 01,246,208 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2002/12/12 00:14:32 | 00,132,096 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2002/12/12 00:14:32 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2001/03/09 17:00:00 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2001/03/09 17:00:00 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/02/16 10:06:16 | 00,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\HijackThis.exe
[2003/11/26 18:17:11 | 00,008,200 | ---- | M] () -- C:\rawfdllalte.exe


< MD5 for: AGP440.SYS >
[2005/06/06 17:07:42 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/11/24 12:46:49 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2005/06/06 17:07:42 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/11/24 12:46:49 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2005/06/06 17:07:42 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/11/24 12:46:49 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2005/06/06 17:07:42 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/11/24 12:46:49 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 15:43:30 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 7473 bytes -> C:\WINDOWS\KB840374.log:jrlxii
@Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB841533.log:brdkcl
@Alternate Data Stream - 11736 bytes -> C:\WINDOWS\KB837001.log:qqasfy
< End of report >

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/11/2010 7:46:24 PM
mbam-log-2010-01-11 (19-46-09).txt

Scan type: Quick Scan
Objects scanned: 113727
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0d1dbfee-0c43-4223-8b3e-a56fb3c5c87d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> No action taken.
C:\WINDOWS\SYSTEM32\d3dfgmo.dll (Trojan.FakeAlert) -> No action taken.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP