Heur Exploit Script virus looping to blue screen on start up


  • This topic is locked

#106
Jan1959

  • Topic Starter
  • Member
  • 255 posts
The BootFix was successful and the "no Boot.ini" message at start up has disappeared.

I am now trying to install the Recovery Console from my XP disk but I am receiving the Setup message that the version of Windows on my PC is newer than the version on the disk. (The disk came with a different PC.)
It then says to erase the newer version and install the older version, I should restart the computer and boot from the CD.

I am not sure what to do. Please advise.
Thanks
  • 0


#107
JSntgRvr

  • Global Moderator
  • 11,579 posts
Slipstream XP to SP3, then use the new CD to install the Recovery Console:

http://www.helpwithw...ice_Pack_3.html

Note that they use the E: drive as an example. In your case C: will be the right choice.

Let me know the outcome.
  • 1

#108
Jan1959

  • Topic Starter
  • Member
  • 255 posts
I have been trying to integrate the files for a long time now with no success. Although the instructions state that I should name a file starting with \, my system will not accept it. I have tried many variations. I have called the first file XP-SP3 and the second one XP-CD. Would you be able to tell me the exact CMD path instruction as everything that I try comes up as "not an internal or external command".

I realise that I must be doing something wrong.
  • 0

#109
JSntgRvr

  • Global Moderator
  • 11,579 posts
This is the process to integrate the Service Packs:


  • Create a folder in the C:\ folder labeled XP-SP3. Download the Network Install package to this folder.
  • Create a folder in the C:\ folder labeled XP-CD. Copy the contents of your XP install CD to this folder.
  • Open a Command prompt (Start->Run, type CMD and click OK).
  • At the prompt type the following and press Enter after each line:

    cd c:\
    cd XP-SP3
    WindowsXP-KB936929-SP3-x86-ENU.exe /integrate:C:\XP-CD

  • You will type the last command in the c:\XP-SP3 prompt. Leave a space between .exe and /integrate.
  • Once done, type Exit and press Enter to return to Windows.
Let me know if you are having problems creating a bootable CD.
  • 0

#110
Jan1959

  • Topic Starter
  • Member
  • 255 posts
I have managed to integrate the disks but when I did it a message came saying that there might be errors on the copying. When I try to run the disk on the sick PC it comes up with the location is unavailable and that it might be either a network or internet problem.

Sorry for the delay in replying, work commitments again.
  • 0

#111
JSntgRvr

  • Global Moderator
  • 11,579 posts

I have managed to integrate the disks but when I did it a message came saying that there might be errors on the copying. When I try to run the disk on the sick PC it comes up with the location is unavailable and that it might be either a network or internet problem.

Sorry for the delay in replying, work commitments again.

The resulting disk should be used only to install the Recovery Console. Is that where you received this error?
  • 0

#112
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Yes, when I run d:\i386\winnt32.exe /cmdcons I get the error message.
  • 0

#113
JSntgRvr

  • Global Moderator
  • 11,579 posts
In checking the System hive you uploaded, there are several services disabled. I would like to run a fix to activate those services.

  • Boot to the OTLPE CD
  • Please double-click OTLPE.exe to run it as you did before.
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AppMgmt]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Browser]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\COMSysApp]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmadmin]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmserver]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dnscache]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dot3svc]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EapHost]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehRecvr]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehSched]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FastUserSwitchingCompatibility]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FontCache3.0.0.0]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HidServ]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ImapiService]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LmHosts]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\McrdSvc]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIServer]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\napagent]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netlogon]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netman]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Nla]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PolicyAgent]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectedStorage]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasAuto]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasMan]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SamSs]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Schedule]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ShellHWDetection]
    "Start"=2
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\stisvc]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TapiSrv]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TermService]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Themes]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TrkWks]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\upnphost]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WebClient]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmiApSrv]
    "Start"=3
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WZCSVC]
    "Start"=2

  • Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If successful, restart the computer in Normal Mode. Any difference?
  • 1

#114
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Please find OTLPE log below.
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AppMgmt]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Browser]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\COMSysApp]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmadmin]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmserver]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dnscache]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dot3svc]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EapHost]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehRecvr]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehSched]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FastUserSwitchingCompatibility]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FontCache3.0.0.0]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HidServ]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ImapiService]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LmHosts]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\McrdSvc]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIServer]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\napagent]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netlogon]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netman]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Nla]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PolicyAgent]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectedStorage]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasAuto]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasMan]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SamSs]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Schedule]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ShellHWDetection]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\stisvc]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TapiSrv]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TermService]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Themes]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TrkWks]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\upnphost]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WebClient]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmiApSrv]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WZCSVC]
"Start"=2
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\AppMgmt\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Browser\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\COMSysApp\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmadmin\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\dmserver\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dnscache\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dot3svc\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EapHost\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehRecvr\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ehSched\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\EventSystem\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FastUserSwitchingCompatibility\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\FontCache3.0.0.0\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\HidServ\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ImapiService\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanserver\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lanmanworkstation\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\LmHosts\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\McrdSvc\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\MSIServer\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\napagent\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netlogon\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Netman\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Nla\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PolicyAgent\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ProtectedStorage\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasAuto\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\RasMan\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SamSs\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Schedule\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ShellHWDetection\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\stisvc\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TapiSrv\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TermService\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Themes\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TrkWks\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\upnphost\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WebClient\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WmiApSrv\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\WZCSVC\\"Start"|2 /E : value set successfully!

OTLPE by OldTimer - Version 3.1.43.0 log created on 01102011_195858




I have started the pc in normal mode but I have lost all the icons and the task bar again so I cannot test it any further.

I have just tried rebooting again and the task bar and icons are up now. I tried the internet and it asked me whether I wanted wired or wireless connection. I tried for the wireless but I got this error report
Last diagnostic run time: 01/10/11 20:09:52
Wireless Diagnostic
Wireless - Service disabled

info Redirecting user to support call



WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
error Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error 10091.
error Provider entry RSVP TCP Service Provider could not perform simple loopback communication. Error 10091.
error A connectivity problem exists with a base winsock provider.



Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Local Area Connection, Device=Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller, MediaType=LAN, SubMediaType=LAN
info Network connection: Name=Wireless Network Connection, Device=Intel® PRO/Wireless 3945ABG Network Connection, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Media disconnected



HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.microsoft.com: The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to ftp.microsoft.com: The server name or address could not be resolved
warn HTTP: Error 12007 connecting to www.hotmail.com: The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to www.passport.net: The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.


Also my flash drive is now working in Windows mode.

The pc is getting better! :D

Edited by Jan1959, 10 January 2011 - 02:15 PM.

  • 0
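The `:Reg` fix from post #113 and the result log from post #114 can be checked against each other mechanically. The following is an added example, not part of the original thread and not OTLPE's own code: the function names, the report layout and the sample data (modelled on the lines posted above, with one result line left out and one key pointed at a different control set) are constructed for illustration.

```python
import re

# Meaning of a service's "Start" DWORD under ...\Services\<name>.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Manual", 4: "Disabled"}

KEY_RE = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\SYSTEM\\(ControlSet\d{3})\\Services\\([^\\\]]+))\]$")
VAL_RE = re.compile(r'^"Start"=(\d+)$')
# Result line format as it appears in the log posted in this thread.
RES_RE = re.compile(r'^(HKEY_LOCAL_MACHINE\\.+?)\\\\"Start"\|(\d+) /E : (.*)$')


def parse_fix(text):
    """Return {key_path: (control_set, service, start)} from a :Reg block."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ":Reg":
            continue
        key = KEY_RE.match(line)
        if key:
            current = key
            continue
        val = VAL_RE.match(line)
        if val and current:
            entries[current.group(1)] = (
                current.group(2), current.group(3), int(val.group(1)))
            current = None
            continue
        # Anything else is not a service Start change and needs a human look.
        raise ValueError(f"unexpected line in fix: {line!r}")
    return entries


def parse_results(text):
    """Return {key_path: (value_written, message)} from the REGISTRY section."""
    results = {}
    for raw in text.splitlines():
        m = RES_RE.match(raw.strip())
        if m:
            results[m.group(1)] = (int(m.group(2)), m.group(3))
    return results


def review(fix_text, log_text, active_control_set):
    """Compare what the fix asked for with what the log says was written."""
    fix, res = parse_fix(fix_text), parse_results(log_text)
    report = {"confirmed": [], "unconfirmed": [],
              "wrong_control_set": [], "invalid_start": []}
    for key, (cset, service, start) in fix.items():
        if start not in START_TYPES:
            report["invalid_start"].append(service)
        if cset != active_control_set:
            # The change lands in a control set the system is not booting from.
            report["wrong_control_set"].append(service)
        got = res.get(key)
        if got and got[0] == start and got[1] == "value set successfully!":
            report["confirmed"].append((service, START_TYPES.get(start, "?")))
        else:
            report["unconfirmed"].append(service)
    return report


# Constructed sample input (not the full fix or log from the thread).
SAMPLE_FIX = r"""
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG]
"Start"=3
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dnscache]
"Start"=2
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC]
"Start"=2
"""
SAMPLE_LOG = r"""
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\ALG\\"Start"|3 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Dhcp\\"Start"|2 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WZCSVC\\"Start"|2 /E : value set successfully!
"""

if __name__ == "__main__":
    for section, items in review(SAMPLE_FIX, SAMPLE_LOG, "ControlSet004").items():
        print(section, items)
```

The third argument is the control set the scan reports as in use (the "Using ControlSet" line of an OTL log). A confirmed write only shows that the start type was changed, not that the service actually starts.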

#115
JSntgRvr

  • Global Moderator
  • 11,579 posts
Let's try these commands again:
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen
Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:


netsh int ip reset C:\Resetlog.txt
netsh winsock reset catalog
ipconfig /flushdns
(The space between g and / is needed)
Exit

Restart the computer. Keep me posted.
  • 0


#116
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Obtain DNS Servers Automatically was already selected but I still pressed ok.

netsh int ip reset C:\Resetlog.txt was unsuccessful - command not found.
netsh winsock reset catalog was completed.
ipconfig /flushdns - message could not flush this DNS Resolver Cache due to function failed during execution.

I have tried the internet again just in case but I am still getting the message that windows cannot configure the wireless connection.

Still getting the following on start up

1) lxdfamon.exe entry point not found. The procedure entry point GetRequestedRuntimeInfo could not be located in the dynamic link library mscoree.dll

2) .netframework initialization error. C:\WINDOWS\microsoft.net\Framework\V2.0.50727 mscorwks.dll could not be loaded. I am also still getting the same 2 error messages lxdfamon.exe on start up.

Edited by Jan1959, 11 January 2011 - 02:40 PM.

  • 0

#117
JSntgRvr

  • Global Moderator
  • 11,579 posts
If you have a Lexmark Printer application installed, remove the application. We can always deal with that later.

Run the Test.bat previously downloaded and post its report.

Let's find all instances of these files having problems.

Restart the computer back to the OTLPE CD.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in

      /md5start
      mscoree.dll
      mscorwks.dll
      dhcpcsvc.dll
      tcpip.sys
      /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply also.

  • 0
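The custom scan above asks for every instance of four system files together with its MD5. The following added example (not part of the original thread and not OTL's code) builds the same kind of inventory for a mounted or offline Windows volume; the function names, status labels and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# File names taken from the /md5start ... /md5stop block in the post above.
TARGETS = ("mscoree.dll", "mscorwks.dll", "dhcpcsvc.dll", "tcpip.sys")


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks. MD5 is used only because the scan
    reports MD5; it is suitable for lookup, not for proving integrity."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_instances(root, names=TARGETS):
    """Walk root and record path, size and MD5 of every copy of each name."""
    wanted = {n.lower() for n in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda exc: None):
        for fname in files:
            if fname.lower() not in wanted:  # Windows names are case-insensitive
                continue
            full = os.path.join(dirpath, fname)
            try:
                entry = {"path": full, "size": os.stat(full).st_size,
                         "md5": md5_of(full)}
            except OSError as exc:  # unreadable copy: keep it visible
                entry = {"path": full, "size": None, "md5": None,
                         "error": str(exc)}
            found[fname.lower()].append(entry)
    return found


def summarize(found, names=TARGETS):
    """One status per file name: missing, empty-copy, copies-differ, consistent."""
    summary = {}
    for name in names:
        copies = found.get(name.lower(), [])
        hashes = {c["md5"] for c in copies if c["md5"]}
        if not copies:
            summary[name] = "missing"
        elif any(c["size"] == 0 for c in copies):
            summary[name] = "empty-copy"
        elif len(hashes) > 1:
            summary[name] = "copies-differ"
        else:
            summary[name] = "consistent"
    return summary


def build_sample_tree(root):
    """Constructed sample layout with placeholder contents, for a dry run."""
    layout = {
        "WINDOWS/system32/drivers/tcpip.sys": b"driver build A",
        "WINDOWS/system32/dllcache/tcpip.sys": b"driver build B",
        "WINDOWS/system32/mscoree.dll": b"same bytes",
        "WINDOWS/system32/dllcache/MSCOREE.DLL": b"same bytes",
        "WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorwks.dll": b"",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_instances(tmp)
        for name, status in summarize(found).items():
            print(f"{name}: {status}")
            for copy in found.get(name, []):
                print(f"    {copy['md5']}  {copy['size']:>8}  {copy['path']}")
```

Copies that differ are not proof of tampering, since Windows keeps backup copies of system files that can come from different service pack levels. The inventory shows which copy is the live one and gives a hash for each to compare against a known-good source.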

#118
Jan1959

  • Topic Starter
  • Member
  • 255 posts
Good Evening,

Here is the first Test.Bat report.



Windows IP Configuration



Host Name . . . . . . . . . . . . : YOUR-FD1326E9DC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-10-A2-43



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller

Physical Address. . . . . . . . . : 00-E0-B8-AE-42-10

Ping request could not find host Yahoo.com. Please check the name and try again.

Ping request could not find host Google.com. Please check the name and try again.

These Windows services are started:

Application Layer Gateway Service
Automatic Updates
Background Intelligent Transfer Service
COM+ Event System
COM+ System Application
CryptSvc
DCOM Server Process Launcher
Error Reporting Service
Event Log
Fast User Switching Compatibility
Help and Support
Media Center Scheduler Service
Network Connections
Network Location Awareness (NLA)
Plug and Play
Print Spooler
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Secondary Logon
Security Center
Shell Hardware Detection
System Event Notification
System Restore Service
Telephony
Terminal Services
Windows Defender
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Workstation

The command completed successfully.
  • 0

#119
Jan1959

  • Topic Starter
  • Member
  • 255 posts
This is the OTLPE report


OTL logfile created on: 1/12/2011 8:46:13 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 135.06 Gb Free Space | 90.62% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 3.68 Gb Free Space | 96.43% Space Free | Partition Type: FAT32
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet004

========== Win32 Services (SafeList) ==========

SRV - [2008/06/23 06:54:14 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Disabled] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/02/12 07:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2006/11/03 13:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\default\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aec.sys -- (aec)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 05:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 13:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 13:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/13 13:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/13 13:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:37 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmbatt.sys -- (CmBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/30 13:57:38 | 001,671,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/02/12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/13 04:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/04/03 21:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/01/23 02:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/01/10 12:32:20 | 000,861,639 | R--- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/12/26 12:21:38 | 001,099,336 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/20 17:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/13 04:54:10 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2004/10/08 08:33:46 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/08/10 14:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 14:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/10 14:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2004/08/10 14:00:00 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2004/08/10 14:00:00 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2004/08/10 14:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2004/08/10 14:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2004/08/10 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2004/08/10 14:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2004/08/10 14:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2004/08/10 14:00:00 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2004/08/10 14:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/10 14:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 14:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/10 14:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 14:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 14:00:00 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2004/08/10 14:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2004/08/10 14:00:00 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2004/08/10 14:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2004/08/10 14:00:00 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2004/08/10 14:00:00 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2004/08/10 14:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 14:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 14:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 14:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/10 14:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2004/08/10 14:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2004/08/10 14:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2004/08/10 14:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2004/08/10 14:00:00 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2004/08/10 14:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2004/08/10 14:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2004/08/10 14:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 14:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/10 14:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/10 14:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2004/08/10 14:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/10 14:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/10 14:00:00 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2004/08/10 14:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2004/08/10 14:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/10 14:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/10 14:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/10 14:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/10 13:45:04 | 000,011,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mhndrv.sys -- (MHNDRV)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 08:52:30 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2001/08/17 07:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 07:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/05/12 14:43:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/23 13:21:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/26 05:46:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/01/03 15:33:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\default\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/14 16:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 12:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/01/08 10:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\New Folder
[2011/01/07 18:15:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/06 18:36:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2011/01/05 14:58:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/03 15:27:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/03 01:50:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/03 01:50:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/03 01:50:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/03 01:49:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/03 01:49:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/29 17:20:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/12/29 17:19:03 | 000,553,984 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2010/12/29 17:18:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/25 11:13:25 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

========== Files - Modified Within 30 Days ==========

[2011/01/12 15:38:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/12 01:29:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/12 01:26:47 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/07 22:08:46 | 000,000,199 | RHS- | M] () -- C:\Boot.ini
[2011/01/05 14:10:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/03 15:33:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/03 01:54:19 | 000,442,334 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/03 01:54:19 | 000,071,912 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/31 00:54:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/01/08 05:37:22 | 000,000,199 | RHS- | C] () -- C:\Boot.ini
[2011/01/07 18:14:01 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/03 01:50:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/03 01:50:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/03 01:50:02 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/03 01:50:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/03 01:50:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 12:21:10 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/23 13:24:13 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/11 13:42:43 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2008/11/11 13:38:10 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/06/23 05:09:39 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/06/23 05:09:39 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/06/23 05:09:39 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/06/23 05:09:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/06/23 04:32:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2008/06/19 10:49:09 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\igfxTMM.dll
[2008/06/19 10:49:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v1244.dll
[2006/01/17 13:28:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/14 15:00:09 | 000,000,441 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/01/14 08:10:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/10/23 10:06:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ilubol
[2010/10/07 09:57:49 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Maus
[2010/10/09 04:24:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Uhzena
[2010/10/13 12:24:22 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Ulmy
[2011/01/12 01:29:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/10/24 00:21:21 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E16A703-F1B3-4340-B56D-A79C454F9DE3}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DHCPCSVC.DLL >
[2006/05/19 08:46:40 | 000,112,128 | ---- | M] (Microsoft Corporation) MD5=3F15A1DBD86F7BDAF404648282D11ECE -- C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
[2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=5E38D7684A49CACFB752B046357E0589 -- C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
[2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=5E38D7684A49CACFB752B046357E0589 -- C:\WINDOWS\system32\dhcpcsvc.dll
[2004/08/10 14:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=CB6CA3E5261D65F6F809EED23BF167AA -- C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll
[2006/05/19 07:59:41 | 000,111,616 | ---- | M] (Microsoft Corporation) MD5=EF545E1A4B043DA4C84E230DD471C55F -- C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll

< MD5 for: MSCOREE.DLL >
[2003/02/21 05:06:24 | 000,155,648 | ---- | M] (Microsoft Corporation) MD5=4C702AEA1C11D15C176C2C276D0907DD -- C:\WINDOWS\system32\URTTemp\mscoree.dll
[2007/06/27 07:55:10 | 000,131,072 | ---- | M] (Microsoft Corporation) MD5=728872974B29F2C688073ECA7101221A -- C:\WINDOWS\ServicePackFiles\i386\mscoree.dll
[2007/06/27 07:55:10 | 000,131,072 | ---- | M] (Microsoft Corporation) MD5=728872974B29F2C688073ECA7101221A -- C:\WINDOWS\system32\mscoree.dll

< MD5 for: MSCORWKS.DLL >
[2010/05/11 00:40:26 | 005,812,560 | ---- | M] (Microsoft Corporation) MD5=4ED92DC066A4DF8384A3E34E03F440FC -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
[2007/12/17 06:59:26 | 002,281,472 | ---- | M] (Microsoft Corporation) MD5=63CD499523AA4F004CC9E3C9CF601415 -- C:\WINDOWS\ServicePackFiles\i386\mscorwks.dll
[2004/07/20 04:54:14 | 002,269,184 | ---- | M] (Microsoft Corporation) MD5=689AF2A5DFCA5A95C3709C8E3093F22A -- C:\WINDOWS\$NtUninstallKB930494$\mscorwks.dll
[2010/09/22 20:26:20 | 002,514,944 | ---- | M] (Microsoft Corporation) MD5=74D879F95A0249E7007F6D94BD069C32 -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
[2009/06/23 16:00:32 | 002,281,472 | ---- | M] (Microsoft Corporation) MD5=89665AF44EABD6A49A4B776A6F8BFA81 -- C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
[2003/02/21 05:08:32 | 002,482,176 | ---- | M] (Microsoft Corporation) MD5=D928FFABCE0AC9D69FEF1F645C6C7B1D -- C:\WINDOWS\system32\URTTemp\mscorwks.dll
[2007/01/02 10:28:46 | 002,281,472 | ---- | M] (Microsoft Corporation) MD5=E3AB3C65A2029A4626BFBEB6BA676769 -- C:\WINDOWS\$NtUninstallKB953295$\mscorwks.dll

< MD5 for: TCPIP.SYS >
[2008/06/20 05:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007/10/30 11:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008/06/20 05:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007/10/30 12:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 14:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/10 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< End of report >
  • 0
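The Custom Scans section of the OTL log above lists every copy of a system file with its MD5, so a reader can check whether the live copy under system32 still agrees with a backup copy. The following Python parser for that section is an added example, not part of the original post or of OTL. It assumes that "live" means files directly in C:\WINDOWS\system32 or its drivers folder, and the EXAMPLE.SYS entries are constructed to show the mismatch case.

```python
import re
from collections import defaultdict
from ntpath import dirname, normcase

# Lines copied from the OTL log above, plus one section constructed for this
# example (EXAMPLE.SYS, made-up hashes) to show the mismatch case.
SAMPLE_LOG = r"""
< MD5 for: DHCPCSVC.DLL >
[2006/05/19 08:46:40 | 000,112,128 | ---- | M] (Microsoft Corporation) MD5=3F15A1DBD86F7BDAF404648282D11ECE -- C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
[2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=5E38D7684A49CACFB752B046357E0589 -- C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
[2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=5E38D7684A49CACFB752B046357E0589 -- C:\WINDOWS\system32\dhcpcsvc.dll

< MD5 for: TCPIP.SYS >
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:20:16 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011/01/03 01:50:02 | 000,010,752 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""

HEADER = re.compile(r"^< MD5 for: (.+?) >$")
ENTRY = re.compile(r"^\[[^\]]*\] \((.*?)\) MD5=([0-9A-Fa-f]{32}) -- (.+)$")
# Assumption of this example: only these two folders hold the copy Windows loads.
LIVE_DIRS = {normcase(r"C:\WINDOWS\system32"), normcase(r"C:\WINDOWS\system32\drivers")}


def parse_md5_sections(log_text):
    """Return {section name: [(company, md5, path), ...]} from OTL 'MD5 for' blocks."""
    sections, current = defaultdict(list), None
    for line in log_text.splitlines():
        line = line.strip()
        header, entry = HEADER.match(line), ENTRY.match(line)
        if header:
            current = header.group(1)
        elif entry and current:
            company, md5, path = entry.groups()
            sections[current].append((company, md5.upper(), path))
        elif line.startswith(("<", "=")):
            current = None  # any other OTL heading ends the MD5 block
    return dict(sections)


def check_live_copies(sections):
    """For each live copy, list the other copies in its section with the same MD5."""
    findings = []
    for name, entries in sections.items():
        for company, md5, path in entries:
            if normcase(dirname(path)) not in LIVE_DIRS:
                continue  # backup, uninstall or cache copy: used only as reference
            twins = [p for _, m, p in entries if m == md5 and p != path]
            status = "matched" if twins else "UNMATCHED"
            if not company:
                status += ", no company name"
            findings.append((name, path, status, twins))
    return findings


if __name__ == "__main__":
    for name, path, status, _ in check_live_copies(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:14} {status:28} {path}")
```

A match shows only that the copies agree with each other, not that either one is genuine; an unmatched live copy is a reason to look closer, not a verdict.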

#120
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
We still have a couple of services that are not running. Let's attempt to reinstall the Internet Protocol.

Please reinstall the Internet Protocol.

Step 1: Delete the corrupted registry keys

Download the enclosed file. [attachment=47139:DeleteWinsock.zip] Save and extract its contents to the sick computer. Once in the sick computer, click on the DeleteWinsock.bat file.

Note: Restart the computer after you have run the batch file. Doing so causes the Windows XP operating system to create new shell entries for those two keys. If you do not restart the computer after you have run the batch file, the next steps won't work correctly.

Step 2: Install TCP/IP

  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
  • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  • Left click on Properties
  • Click Install.
  • Click Protocol, and then click Add.
  • Click Have Disk.
  • Type C:\Windows\inf, or browse to that folder, and then click OK.
  • On the list of available protocols, click Internet Protocol (TCP/IP), and then click OK.

If Internet Protocol (TCP/IP) does not appear, follow these steps:

a. Click Start, and then click Search.
b. In the Search Companion pane, click More advanced options.
c. Click to select the following three check boxes:

  • Search system folders
  • Search hidden files and folders
  • Search subfolders

d. In the All or part of the file name box, type nettcpip.inf, and then click Search.
e. In the results pane, right-click Nettcpip.inf, and then click Install.


7. Restart the computer.

Keep me posted.

If that fails to connect you to the Internet, uninstall the network adapter(s) in Device Manager:

  • Right-click My Computer, click Properties, click the Hardware tab, and then click Device Manager.
  • To see the list of installed network adapters, click on the + sign next to Network adapter(s). Right-click on the adapters listed therein, and then click Uninstall.
  • Restart the computer, and then let the system automatically detect and install the network adapter drivers.

Note: This step detects and corrects corrupted registry entries on network adapter bindings. Perform this step if all other troubleshooting steps do not resolve your issue.

Keep me posted.
  • 0





