Virus with colon in name, Can't use Process Explorer



#1
supremeone77

I was browsing today, sites I always go to, nothing like xxx type sites etc., but yeah. Java.exe loads up in the background, and I knew something was going to get screwed up. I tried to open Task Manager to close Java but it was too late. I see the familiar random-number-named .exe file. This time it has a colon in the name, so it's like 4216881:132345.exe. It closed my ESET NOD32, after a reboot.

-- Here's a rundown of what I did
I've tried running Process Explorer to find out where it's located. But it closes instantly after running. And of course if I try to open it again it says I don't have permissions. Even if I reset permissions afterwards, it keeps happening.

I was able to run HijackThis for 1-2 seconds after it starts to scan and then that closes. I did do a print screen and noticed some 127.0.9 or something proxy server mentioned for Internet Explorer.

I tried to do a search for recent files created, and I got a BSOD: page fault in nonpaged area.

I searched for the first part of the name (did a Google search and found someone else who did that), and there was a registry entry and I deleted that, but I don't think it'll do anything. Nothing shows up in msconfig, btw.

I tried running KillBox and that didn't work. Couldn't close the exe file. Unlocker also didn't work.


I don't know what to do. I've just about run out of ideas because this one seems to be untraceable. I'm thinking of trying safe mode, ComboFix, Malwarebytes in safe mode maybe, and maybe UBCD4Win for some scanning. But yeah, this seems impossible. I don't understand how a virus can run without showing up in msconfig or somewhere else. There has to be some way to make sure only specific files run on startup. Any ideas on what to do? I want to get my sanity back and nip this in the bud.

Btw, I hate java.exe; all viruses I get seem to come after that loads by itself in the systray.


#2
RKinner

    Malware Expert

Sounds like Zero Access.

For the proxy stuff:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Combofix is the method of choice:

ComboFix

Important: It must be saved to your desktop; do not run it from your browser.

Important: Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program. (XP: just double-click.)



* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue (XP only). When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will also be created at => C:\Combofix.txt. I'll need to see that or the one you saved in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator (XP just double click)

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run As Administrator to run it (XP: just double-click).
Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan, note whether the Fix button (not the FixMBR button) is enabled and tell me, then click Save log, save it to your desktop and post it in your next reply.

Ron
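
The process name reported in the first post, 4216881:132345.exe, has the NTFS `file:stream` form, which addresses a named alternate data stream on a host file rather than an ordinary file. The following is an added example, not part of the thread and not taken from any tool named in it, that flags process image paths of that form; the listing format, PIDs and paths are constructed for illustration, and only the colon-bearing name comes from the post.

```python
import string
from typing import List, NamedTuple, Optional, Tuple


class StreamRef(NamedTuple):
    host: str         # file (or directory) that carries the stream
    stream: str       # name of the alternate data stream
    stream_type: str  # stream type, "$DATA" unless stated otherwise


# Prefixes that can precede a drive letter in a Windows path.
_NT_PREFIXES = ("\\\\?\\", "\\??\\")


def parse_stream(image: str) -> Optional[StreamRef]:
    """Return the host/stream pair if `image` names a non-default NTFS stream."""
    path = image.strip().strip('"')
    for prefix in _NT_PREFIXES:
        if path.startswith(prefix):
            path = path[len(prefix):]
            break
    # A single ASCII letter followed by ':' is a drive designator, not a
    # stream separator. (A one-letter host file such as "a:b.exe" is
    # therefore ambiguous and is read as drive-relative.)
    if len(path) >= 2 and path[0] in string.ascii_letters and path[1] == ":":
        path = path[2:]
    # Stream syntax only applies to the final path component.
    leaf = path.replace("/", "\\").rsplit("\\", 1)[-1]
    parts = leaf.split(":")
    if len(parts) == 1 or len(parts) > 3:
        return None  # ordinary file name, or malformed
    host, stream = parts[0], parts[1]
    stream_type = parts[2] if len(parts) == 3 else "$DATA"
    if not host or not stream:
        return None  # "file::$DATA" is just the default, unnamed stream
    return StreamRef(host, stream, stream_type)


def find_stream_processes(listing: str) -> List[Tuple[int, StreamRef]]:
    """Scan "PID  image-path" lines and return those running from a stream."""
    hits = []
    for line in listing.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or not fields[0].isdigit():
            continue  # header or blank line
        ref = parse_stream(fields[1])
        if ref is not None:
            hits.append((int(fields[0]), ref))
    return hits


# Constructed sample listing (PIDs and directories are illustrative).
SAMPLE = r"""
PID   Image
 620  C:\WINDOWS\system32\svchost.exe
1904  4216881:132345.exe
2216  C:\WINDOWS\4216881:132345.exe
2480  "C:\Program Files\Example\app.exe"
3012  \\?\C:\WINDOWS\explorer.exe
3340  C:\Temp\report.txt::$DATA
"""

if __name__ == "__main__":
    for pid, ref in find_stream_processes(SAMPLE):
        print(f"PID {pid}: stream '{ref.stream}' on host '{ref.host}' ({ref.stream_type})")
```

An image that runs from a named stream has no separate directory entry of its own, so a plain file listing or file search shows only the host.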

#3
supremeone77

I can't stop NOD32 Smart Security. I have the krn32 process thing running. It doesn't show up in Task Manager but ComboFix detects it. I can't think of any way to turn it off but to use msconfig (but googling showed that it failed for someone else). So the only other option I can think of is using UBCD4Win to delete the kernel file temporarily. Going to try that.

#4
RKinner

Zero Access likes to replace the anti-virus with itself so uninstalling Nod32 may be required.

Ron

#5
supremeone77

Well, UBCD4Win couldn't delete it for some reason. Couldn't believe it. Never thought I'd get access denied errors with that. Any ideas? I'm concerned about running ComboFix with NOD32 running; it said you can do so at your own risk. And I can't load the NOD32 GUI to temporarily disable it, because of the rootkit closing it automatically. All the permissions are hard-set too, it seems.

Edit: OK, I'll try uninstalling.

Edited by supremeone77, 27 September 2011 - 08:32 AM.


#6
supremeone77

Okay, I uninstalled NOD32 and got ComboFix going but hit a snag. Basically my PC won't boot past the PCI device listing screen. It only boots from a CD if I do that. Going to check using UBCD4Win to see if boot.ini is damaged. I did go to the Windows XP recovery program and go to fixboot. Still the same thing.

Here's what happened:
I noticed my internet status said it wasn't connecting, so I figured it was off. And ComboFix mentioned needing to download the Microsoft Recovery Console to fix more serious infections. I then looked for a way to manually do it and I tried what microsoft.com recommended, installing from the Windows XP CD. It said it was copying files, but it went like that for a really long time, like 5 minutes or more. So I figured, since it said it was downloading stuff, that maybe the internet worked. So I canceled the Microsoft thing, and it said "undoing changes to system", and then I let ComboFix try to do it. It installed the Recovery Console and then it said it detected rootkit activity and recommended a reboot. Now I'm stuck at the PCI device listings, every time. Please help, this is going worse than planned.

#7
RKinner

Boot into the Recovery Console and run

fixmbr

then

fixboot

see if that helps.

Ron

#8
supremeone77

Didn't work. I also tried batch erdnt.con to get hiv-backup restored but that didn't work either. Got access denied errors. I'm stuck now. All I can think about is trying a repair install, but I hate to do that.

#9
RKinner

Two programmes to download

First

ISOBurner this will allow you to burn REATOGO-X-PE ISO to a cd and make it bootable. Just install the programme, from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

Another thing you can do is to reinstall to a new folder, say windows2. Then you have a dual boot system with the old stuff still there. If we are able to remove the malware and get it to boot again to the first install, then you can remove the second install.

Ron

#10
supremeone77

Got the log file just now. Here it is below. I'd be happy to get rid of the malware, but I still don't see any other solution besides doing a new install or a repair install to get the PC to boot again. I don't think the rootkit is stopping the PC from booting, but maybe. Also thanks for the help so far, I'm way out of my league here, never had a rootkit virus before.


OTL logfile created on: 9/27/2011 10:39:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1500D:\pagefile.sys 2 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 217.23 Gb Total Space | 7.94 Gb Free Space | 3.66% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 71.17 Gb Free Space | 10.19% Space Free | Partition Type: NTFS
Drive E: | 1.91 Gb Total Space | 0.03 Gb Free Space | 1.37% Space Free | Partition Type: FAT
Drive F: | 68.97 Gb Total Space | 1.99 Gb Free Space | 2.89% Space Free | Partition Type: NTFS
Drive G: | 11.89 Gb Total Space | 0.21 Gb Free Space | 1.74% Space Free | Partition Type: NTFS
Drive H: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 931.51 Gb Total Space | 764.94 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/04/26 05:21:06 | 000,014,848 | ---- | M] () [On_Demand] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/10/01 23:55:40 | 001,733,968 | ---- | M] (Diskeeper Corporation) [Disabled] -- C:\Program Files\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2010/08/10 13:26:40 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV - [2010/08/10 13:26:30 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2009/09/29 13:03:46 | 000,735,960 | ---- | M] () [Auto] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/09/22 17:31:56 | 000,856,064 | ---- | M] () [Disabled] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/05/28 09:32:26 | 000,053,760 | ---- | M] (tzuk) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/04/03 14:37:22 | 000,145,408 | ---- | M] (Monsoon Multimedia Inc.) [Disabled] -- C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe -- (havasvc)
SRV - [2009/03/13 06:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/04/13 23:42:04 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- G:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/09/11 18:10:18 | 000,184,504 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2007/09/11 18:10:08 | 001,265,856 | ---- | M] (SiSoftware) [On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2007/04/23 11:18:44 | 000,491,520 | ---- | M] (Locktime Software) [On_Demand] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2007/02/10 11:46:00 | 000,262,144 | ---- | M] (TODO: <Company name>) [Disabled] -- C:\Program Files\BrigSoft\AdminHttpTimeSync\AdminHttpTimeServ.exe -- (BS_AdminHttpTimeSync)
SRV - [2004/04/23 15:54:14 | 000,173,568 | ---- | M] ([XC]D-Ice) [Disabled] -- C:\Program Files\ccxgui\ccXservice.exe -- (ccXgui)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto] -- -- (eamon)
DRV - File not found [Kernel | On_Demand] -- -- (dtscsi)
DRV - File not found [File_System | Auto] -- -- (drvnddm)
DRV - File not found [Kernel | Boot] -- -- (drvmcdb)
DRV - File not found [Kernel | On_Demand] -- -- (drmkaud)
DRV - File not found [Kernel | Boot] -- -- (dmload)
DRV - File not found [Kernel | Boot] -- -- (dmio)
DRV - File not found [File_System | On_Demand] -- -- (DKRtWrt)
DRV - File not found [Kernel | Boot] -- -- (Disk)
DRV - File not found [File_System | Auto] -- -- (DefragFS)
DRV - File not found [Kernel | Boot] -- -- (d347prt)
DRV - File not found [Kernel | Boot] -- -- (d347bus)
DRV - File not found [Kernel | On_Demand] -- -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- -- (Cdrom)
DRV - File not found [Kernel | System] -- -- (Cdaudio)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (BridgeMP)
DRV - File not found [Kernel | On_Demand] -- -- (Bridge)
DRV - File not found [Kernel | On_Demand] -- -- (BoosterKey)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (BCM43XX)
DRV - File not found [Kernel | On_Demand] -- -- (audstub)
DRV - File not found [Kernel | On_Demand] -- -- (Atmarpc)
DRV - File not found [Kernel | System] -- -- (atitray)
DRV - File not found [Kernel | On_Demand] -- -- (ati2mtag)
DRV - File not found [Kernel | Boot] -- -- (atapi)
DRV - File not found [Kernel | On_Demand] -- -- (AsyncMac)
DRV - File not found [Kernel | System] -- -- (asuskbnt)
DRV - File not found [Kernel | Auto] -- -- (Aspi32)
DRV - File not found [Kernel | Auto] -- -- (aslm75)
DRV - File not found [Kernel | On_Demand] -- -- (Arp1394)
DRV - File not found [Kernel | On_Demand] -- -- (AR9271)
DRV - File not found [Kernel | On_Demand] -- -- (AnyDVD)
DRV - File not found [Kernel | On_Demand] -- -- (AN983)
DRV - File not found [Kernel | System] -- -- (AmdK7)
DRV - File not found [Kernel | System] -- -- (AFD)
DRV - File not found [File_System | On_Demand] -- -- (afcdp)
DRV - File not found [Kernel | Auto] -- -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - File not found [Kernel | On_Demand] -- -- (aec)
DRV - File not found [Kernel | Boot] -- -- (ACPI)
DRV - File not found [Kernel | On_Demand] -- -- (95deacf3)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SuperAntispyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SuperAntispyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/22 14:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\RivaTuner v2.24\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/05/28 09:32:24 | 000,108,032 | ---- | M] (tzuk) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2007/11/03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/08/10 19:07:42 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\sandra.sys -- (SANDRA)
DRV - [2001/01/02 00:36:06 | 000,021,520 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\WINSOCK.DLL -- (Winsock)
DRV - [2000/06/08 17:00:00 | 000,010,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS -- (gameenum)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.175.67:3128

IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\Administrator_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
IE - HKU\Administrator_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.175.67:3128

IE - HKU\Guest_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKU\Guest_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\Guest_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found
IE - HKU\Guest_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jason_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Jason_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found
IE - HKU\Jason_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Jason_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local
IE - HKU\Jason_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 121.9.221.189:80

IE - HKU\jason2_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
IE - HKU\jason2_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\jason2_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - File not found
IE - HKU\jason2_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\postgres_ON_G\Software\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\postgres_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\postgres_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
IE - HKU\postgres_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 219.93.175.67:3128


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.4\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.4\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/07/23 20:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/07/23 20:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: E:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/09/27 10:52:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: E:\Documents and Settings\Jason\Application Data\IDM\idmmzcc5
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.4\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.4\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/07/23 20:23:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2010/07/23 20:23:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: E:\Documents and Settings\Jason\Application Data\IDM\idmmzcc5


Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - File not found
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\Administrator_ON_G\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\Administrator_ON_G\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\Guest_ON_G\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\Guest_ON_G\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\Jason_ON_G\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\Jason_ON_G\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\Jason_ON_G\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\Jason_ON_G\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Jason_ON_G\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O3 - HKU\jason2_ON_G\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\jason2_ON_G\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\jason2_ON_G\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKU\postgres_ON_G\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3 - HKU\postgres_ON_G\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] File not found
O4 - HKLM..\Run: [Alcmtr] File not found
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] File not found
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [o3mU36X] File not found
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [RTHDCPL] File not found
O4 - HKLM..\Run: [SAOB Monitor] File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WUSB54Gv2] File not found
O4 - HKU\Administrator_ON_G..\Run: [ALUAlert] File not found
O4 - HKU\Guest_ON_G..\Run: [ALUAlert] File not found
O4 - HKU\Jason_ON_G..\Run: [AdobeBridge] File not found
O4 - HKU\Jason_ON_G..\Run: [ctfmon.exe] File not found
O4 - HKU\Jason_ON_G..\Run: [ISUSPM] File not found
O4 - HKU\Jason_ON_G..\Run: [NoteZilla] C:\Program Files\Conceptworld\NoteZilla\NoteZilla.exe (Conceptworld Corporation)
O4 - HKU\Jason_ON_G..\Run: [QNPlus] File not found
O4 - HKU\Jason_ON_G..\Run: [StickIt] File not found
O4 - HKU\Jason_ON_G..\Run: [WatchCat] C:\stuff\Applications\Apps - Small\!--Windows Apps--!\wcat200\WCAT.EXE (Private.)
O4 - HKU\jason2_ON_G..\Run: [AIM] File not found
O4 - HKU\jason2_ON_G..\Run: [ctfmon.exe] File not found
O4 - HKU\postgres_ON_G..\Run: [ALUAlert] File not found
O4 - HKLM..\RunOnce: [combofix] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] File not found
O4 - HKU\Administrator_ON_G..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\Administrator_ON_G..\RunOnce: [tscuninstall] File not found
O4 - HKU\postgres_ON_G..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\postgres_ON_G..\RunOnce: [tscuninstall] File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
F3 - HKU\jason2_ON_G WinNT: Run - (E:\WINDOWS\inet20013\services.exe) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Guest_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Jason_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SearchOptionsEx = 1152656
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ExSearchOptions = 1153279
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\Jason_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\jason2_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\jason2_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\postgres_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\postgres_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_G\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - Reg Error: Value error. File not found
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - File not found
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter...oad/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1180392449812 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - File not found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - File not found
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SuperAntispyware\SASWINLO.DLL - C:\Program Files\SuperAntispyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {54D9498B-CF93-414F-8984-8CE7FDE0D391} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SuperAntispyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (kerberos) - File not found
O30 - LSA: Security Packages - (msv1_0) - File not found
O30 - LSA: Security Packages - (schannel) - File not found
O30 - LSA: Security Packages - (wdigest) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/15 19:14:06 | 000,000,300 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/07 18:54:13 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - File not found - -- [ FAT ]
O32 - AutoRun File - File not found - -- [ FAT ]
O32 - AutoRun File - [2011/03/05 09:59:52 | 000,000,090 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2007/02/12 15:53:42 | 000,000,277 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell\AutoRun\command - "" = "K:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\M\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O34 - HKLM BootExecute: (autocheck sprestrt) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 11:26:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/09/27 11:11:23 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2011/09/27 09:49:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\4088192661
[2011/09/19 08:58:28 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2011/09/08 11:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conceptworld
[2011/09/08 11:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\hott notes 4
[2011/09/08 11:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\StickIt
[2010/05/15 12:36:18 | 000,131,072 | ---- | C] (Diversified Data) -- C:\Program Files\JPEGtoPDF.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 11:26:44 | 000,000,473 | RHS- | M] () -- C:\boot.ini
[2011/09/27 10:10:23 | 000,000,358 | ---- | M] () -- C:\Boot.bak
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 11:26:44 | 000,000,358 | ---- | C] () -- C:\Boot.bak
[2011/09/27 11:26:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/09/27 11:11:32 | 000,480,367 | R--- | C] () -- C:\txtsetup.sif
[2011/09/27 11:11:32 | 000,260,288 | R--- | C] () -- C:\$LDR$
[2011/06/28 15:40:55 | 000,000,312 | ---- | C] () -- C:\Program Files\slvers.dat
[2010/09/28 12:44:49 | 000,000,366 | ---- | C] () -- C:\Program Files\Shortcut to Program Files.lnk
[2010/03/27 18:58:53 | 000,048,128 | ---- | C] () -- C:\Program Files\FLVJoin.exe
[2009/09/06 14:59:01 | 001,118,006 | ---- | C] () -- C:\Program Files\ringin2.mp3
[2008/04/02 15:33:48 | 001,451,854 | ---- | C] () -- C:\Program Files\emergencysignal.wav
[2008/04/02 15:33:48 | 000,532,524 | ---- | C] () -- C:\Program Files\Sound Effect - Car Alarm [1].mp3
[2008/04/02 15:33:48 | 000,209,452 | ---- | C] () -- C:\Program Files\ALERT.WAV
[2008/04/02 15:33:48 | 000,103,054 | ---- | C] () -- C:\Program Files\SOUND1.WAV
[2008/04/02 15:33:48 | 000,096,378 | ---- | C] () -- C:\Program Files\alarm.wav
[2008/04/02 15:33:48 | 000,074,300 | ---- | C] () -- C:\Program Files\alarm_indoor.wav
[2008/04/02 15:33:48 | 000,026,016 | ---- | C] () -- C:\Program Files\HLOWSHLD.WAV
[2008/04/02 15:33:48 | 000,011,506 | ---- | C] () -- C:\Program Files\piepjes.wav
[2008/04/02 15:33:48 | 000,004,570 | ---- | C] () -- C:\Program Files\SysAlert.wav
[2003/08/21 21:49:39 | 000,000,112 | ---- | C] () -- C:\WINDOWS\setupx.dll,InstallHinfSection
[2003/04/30 20:27:23 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/04/30 20:27:23 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/04/30 20:25:48 | 000,000,110 | ---- | C] () -- C:\WINDOWS\setupx.dll,sxCallMigrationDlls_RunDll
[2003/04/30 20:25:42 | 000,610,336 | RH-- | C] () -- C:\WINDOWS\SYSTEM.DAT
[2003/04/30 20:25:02 | 000,245,792 | RH-- | C] () -- C:\WINDOWS\CLASSES.DAT
[2003/04/30 20:24:43 | 000,086,048 | RH-- | C] () -- C:\WINDOWS\USER.DAT
[2003/03/06 06:42:43 | 000,001,354 | ---- | C] () -- C:\WINDOWS\rundll.sys
[2003/03/06 06:42:43 | 000,000,576 | ---- | C] () -- C:\WINDOWS\dir.sys
[2003/03/06 06:42:39 | 000,202,240 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2001/01/02 00:36:54 | 000,018,939 | ---- | C] () -- C:\WINDOWS\SETVER.EXE
[2001/01/02 00:36:54 | 000,010,177 | ---- | C] () -- C:\WINDOWS\SETUP.INI
[2001/01/02 00:36:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2001/01/02 00:36:54 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2000/06/08 17:00:00 | 000,357,750 | ---- | C] () -- C:\WINDOWS\NET.EXE
[2000/06/08 17:00:00 | 000,129,078 | ---- | C] () -- C:\WINDOWS\LOGOS.SYS
[2000/06/08 17:00:00 | 000,125,495 | ---- | C] () -- C:\WINDOWS\EMM386.EXE
[2000/06/08 17:00:00 | 000,125,168 | ---- | C] () -- C:\WINDOWS\MSOWS409.DLL
[2000/06/08 17:00:00 | 000,122,998 | ---- | C] () -- C:\WINDOWS\SUBACK16.BIN
[2000/06/08 17:00:00 | 000,093,040 | ---- | C] () -- C:\WINDOWS\COMMAND.COM
[2000/06/08 17:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\UPWIZUN.EXE
[2000/06/08 17:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\DVDRGN.EXE
[2000/06/08 17:00:00 | 000,046,377 | ---- | C] () -- C:\WINDOWS\WININIT.EXE
[2000/06/08 17:00:00 | 000,045,379 | ---- | C] () -- C:\WINDOWS\SMARTDRV.EXE
[2000/06/08 17:00:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PIDSET.EXE
[2000/06/08 17:00:00 | 000,033,191 | ---- | C] () -- C:\WINDOWS\HIMEM.SYS
[2000/06/08 17:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\MM2ENT.EXE
[2000/06/08 17:00:00 | 000,024,626 | ---- | C] () -- C:\WINDOWS\CMD640X.SYS
[2000/06/08 17:00:00 | 000,020,901 | ---- | C] () -- C:\WINDOWS\CMD640X2.SYS
[2000/06/08 17:00:00 | 000,018,720 | ---- | C] () -- C:\WINDOWS\WIN1024.BIN
[2000/06/08 17:00:00 | 000,018,183 | ---- | C] () -- C:\WINDOWS\WIN.COM
[2000/06/08 17:00:00 | 000,018,007 | ---- | C] () -- C:\WINDOWS\KEYB.SYS
[2000/06/08 17:00:00 | 000,013,207 | ---- | C] () -- C:\WINDOWS\DISPLAY.SYS
[2000/06/08 17:00:00 | 000,012,663 | ---- | C] () -- C:\WINDOWS\RAMDRIVE.SYS
[2000/06/08 17:00:00 | 000,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2000/06/08 17:00:00 | 000,011,664 | ---- | C] () -- C:\WINDOWS\WIN800.BIN
[2000/06/08 17:00:00 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2000/06/08 17:00:00 | 000,007,788 | ---- | C] () -- C:\WINDOWS\WIN640.BIN
[2000/06/08 17:00:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.DAT
[2000/06/08 17:00:00 | 000,006,295 | ---- | C] () -- C:\WINDOWS\NLSFUNC.SYS
[2000/06/08 17:00:00 | 000,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2000/06/08 17:00:00 | 000,003,708 | ---- | C] () -- C:\WINDOWS\IFSHLP.SYS
[2000/06/08 17:00:00 | 000,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2000/06/08 17:00:00 | 000,002,614 | ---- | C] () -- C:\WINDOWS\DBLBUFF.SYS
[2000/06/08 17:00:00 | 000,001,105 | ---- | C] () -- C:\WINDOWS\ASPI2HLP.SYS
[2000/06/08 17:00:00 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI

========== LOP Check ==========

[2000/06/08 17:00:00 | 000,000,502 | ---- | M] () -- C:\WINDOWS\Tasks\WINALIGN.JOB

========== Purity Check ==========


< End of report >

Edited by supremeone77, 27 September 2011 - 07:50 PM.

  • 0



#11
RKinner


    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I think we are dealing with a new version here. Do you really have a drive E: ?

Drive E: | 1.91 Gb Total Space | 0.03 Gb Free Space | 1.37% Space Free | Partition Type: FAT

F3 - HKU\jason2_ON_G WinNT: Run - (E:\WINDOWS\inet20013\services.exe) - File not found
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - File not found

I've seen this thing create a new partition (which it called E: ). Go into the Recovery Console and do:

map

What does it say about C: and E: ?

Ron
  • 0

#12
supremeone77


    Member

  • Topic Starter
  • Member
  • 16 posts
Yeah the Windows installation is on drive E:, it's a long story. But in that log, the flash drive was labeled E:, and Windows drive was labeled F:. So it might look at a registry line and look for E:\*** and end up searching on the wrong drive, so it comes up empty. Don't think anything is wrong there.

Btw one time I had some malware where I couldn't boot. And I went to mbrwizard in ubcd4win and erased first 63 sectors of mbr and it booted. I guess it infected the boot sector, and I heard rootkits can do that too. Think it's worth a try? I've done it before, don't think it could hurt. I just want to get back on pc soon.

Edited by supremeone77, 27 September 2011 - 08:15 PM.

  • 0

#13
RKinner


    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
The OTL log is very confused about where things are and the current E: is not big enough for a Windows installation. I'm wondering if boot.ini is now wrong. Normally it would be at C:\boot.ini. Can you see if you can find it and copy and paste it?

If you remove the flash drive from E: does the OTL log change?

fixmbr more or less fixes any rootkits in the mbr so I don't think mbrwiz will help.

Go ahead and run mbrwizard and see if it can tell you which drive is active (bootable). I think it's the /List command which will tell you that.
Also look for any hidden partitions and tell me about them.

Ron
  • 0

#14
RKinner


    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
If you are in a hurry the fastest way is probably just to wipe the drive and reinstall. Delete all partitions and make it start from scratch to be sure you get it. Then go to windows updates and download all 120 or so of them including MSSE before going to any other site.

Ron
  • 0

#15
supremeone77


    Member

  • Topic Starter
  • Member
  • 16 posts
I think it's F: drive whether flash drive is in or not. Something always gets screwy with that. I know in the past it could be a different letter. Just something to do with how dos or ubcd4win or otl gets drive letters.

I am in somewhat of a hurry but, I wouldn't do a reinstall. I'd try a repair install to get it to barely boot and run combofix again and some other tools. But I'm willing to try a few more ideas. I just don't want to spend more than 1 more day with this because it's in such a hopeless state right now, can't even boot. I think there's only so many things to try when you're in this situation, because you're so limited. Can't even get in safe mode ;\

Here's boot.ini. I tried editing it to what's in boot.bak but it wouldn't let me. I'm going to try mbrwizard thing.

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional on D:" =optin /fastdetect
C:\="Previous Operating System on C:"

The old boot.ini said:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional on D:" =optin /fastdetect
C:\="Previous Operating System on C:"
  • 0
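The question raised earlier in the thread, whether boot.ini is now wrong, can be checked by parsing both copies posted above and comparing them. This is an added example, not code from any post in the thread; the function names are illustrative and the two files are embedded exactly as posted.

```python
import re

# Both files are copied from the post above (current boot.ini, then the old one).
CURRENT_INI = r'''[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional on D:" =optin /fastdetect
C:\="Previous Operating System on C:"
'''
BACKUP_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional on D:" =optin /fastdetect
C:\="Previous Operating System on C:"
'''

ARC_RE = re.compile(r'^multi\((\d+)\)disk\((\d+)\)rdisk\((\d+)\)partition\((\d+)\)(\\.*)?$', re.I)
ENTRY_RE = re.compile(r'^(?P<target>[^=]+)="(?P<label>[^"]*)"\s*(?P<switches>.*)$')

def parse_arc(path):
    """Return the numbers in an ARC path, or None for a non-ARC target."""
    m = ARC_RE.match(path.strip())
    if not m:
        return None
    return dict(zip(("multi", "disk", "rdisk", "partition"), map(int, m.groups()[:4])), dir=m.group(5) or "")

def parse_boot_ini(text):
    """Parse boot.ini into loader settings and the ordered menu entries."""
    cfg, section = {"loader": {}, "entries": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and "=" in line:
            key, _, value = line.partition("=")
            cfg["loader"][key.strip().lower()] = value.strip()
        elif section == "operating systems" and ENTRY_RE.match(line):
            cfg["entries"].append(ENTRY_RE.match(line).groupdict())
    return cfg

def diff_boot_ini(old, new):
    """Loader settings that changed, plus menu entries added or removed."""
    old_t = {e["target"].lower() for e in old["entries"]}
    new_t = {e["target"].lower() for e in new["entries"]}
    changed = {k: (old["loader"].get(k), new["loader"].get(k))
               for k in sorted(set(old["loader"]) | set(new["loader"]))
               if old["loader"].get(k) != new["loader"].get(k)}
    return {"loader_changed": changed,
            "added": [e for e in new["entries"] if e["target"].lower() not in old_t],
            "removed": [e for e in old["entries"] if e["target"].lower() not in new_t]}

def default_entry(cfg):
    """The menu entry the loader default points at, or None if it matches nothing."""
    default = cfg["loader"].get("default", "").lower()
    return next((e for e in cfg["entries"] if e["target"].lower() == default), None)

if __name__ == "__main__":
    old, new = parse_boot_ini(BACKUP_INI), parse_boot_ini(CURRENT_INI)
    print(diff_boot_ini(old, new), default_entry(new), parse_arc(new["loader"]["default"]), sep="\n")
```

On the two posted files the only differences are the timeout (30 to 2) and two added menu entries, the Recovery Console and UnsupportedDebug; the default still points at rdisk(0)partition(3) and matches a listed entry.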





