Boot to black screen with cursor [Solved]


  • This topic is locked

#91
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
I enabled the Windows Firewall, then uninstalled Online Armor and rebooted. Went to the windows update site, it failed again with the same code as before. I reinstalled Online Armor, it said that it would give me 30 free days as a trial and would I like to continue. I stopped that installation and went searching for another firewall. PC magazine's site recommended Zone Alarm, so I installed that. Rebooted. Went to the windows update site, it failed again with same code as before. While I was searching in major geeks for a firewall, I noticed that there was a fix for repairing broken Windows Firewalls and that if it was broken enough that the firewall could fail even if it was turned off. Installed that, ran fine, went to windows update site, it failed again with the same code as before. Ditto if the firewall was on snooze, disabled, and with both Zone Alarm and windows firewall disabled.

Updating the graphics driver is giving me crap. The automated download seems to fail when it gets to installing the Catalyst Control Center. I'm trying the less automated one now.

I've noticed that when I go to the windows update site, it keeps asking me to pick a time to install, despite that I've already got one set up.
  • 0


#92
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
I took a quote from earlier, uninstalled the Control Center, and then ran the install again. It worked just fine and now I have a working Catalyst Control Center though the driver for the monitor still is out of date. I'm having trouble finding a driver for a compaq 7500 17 inch CRT screen. I went to compaq and the site sent me to hp. hp drivers section said something about not supporting the driver and then when I went back later, it said the service was unavailable.
  • 0

#93
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Did you install the driver from here? You do not need a driver for your monitor, just for your graphics card, which is showing as an ATI Radeon HD 3400.

I am still thinking about Windows Update.

  • 0

#94
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
Waaaaah, everything fails :(

So I checked the file I had chosen before; it was called 13-1_xp32_dd_ccc_whql. I remember choosing it b/c the autodetect tool from them said that I had a 32 bit system and gave me the name of my graphics card. Then I checked the file you sent me to, 13-1-legacy_xp32_dd_ccc_whql. I installed it and it failed. Then I went into Device manager and Display Adapter to check the driver date, it had updated this time. With my previously chosen file, it had failed to update the driver properly. Both of them failed to completely install.

Then I uninstalled the Catalyst Control Center again, ripped out hydravision this time too for good measure and reinstalled. Everything seems to work fine on my end (still don't have the options that I thought I remembered. Wasn't there something called true color that's 64bit instead of only med 16 and high 32? idk anymore. I right clicked the desktop, looked in settings, advanced, adapter, list all modes and it has true color listed 32 bit instead. maybe that's what I was thinking of. I'm tired and can't think straight now. I'll have my wife look at her puzzle site and see if the colors are correct for her. For me, it works fine save for the bad memory error that my brain seems to have with 64 bit color options that don't seem to exist :( nite nite buddy. I hope this weekend goes well for you and yours. bring me back some beads, okay?
  • 0

#95
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Please download this program to your desktop (very important). Then open a command prompt and paste in the following command:

%USERPROFILE%\Desktop\WUInstall /search >> %USERPROFILE%\Desktop\newlog.txt 2>>&1

This will create a log on your desktop. Paste it in your next reply.

Are you happy with your display driver, or do you want to look into it further?

Edited by Buddierdl, 09 February 2013 - 12:00 PM.

  • 0

#96
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
Errr, I downloaded it to my desktop and then opened a command prompt. I pasted the command but no log was visibly made. I replaced %userprofile% with c:\documents and settings\philip and entered the command like that, no log. I navigated to c:\documents and settings\philip\desktop and entered the command WUInstall /search >> %USERPROFILE%\Desktop\newlog.txt 2>>&1, but no log.

My windows search function is very broken. I had not mentioned it previously since it's been broken for a very, very long time. Another example of my possible stupidity from long ago. I couldn't get some part of windows search to stop looking at files every time something changed and it drove me nuts since it would randomly lag my gaming experience. So I went on a search and destroy mission, found files and settings pertaining to the offending function and removed them with extreme prejudice. I can't look for things easily on my computer anymore but I've never had to either. Up until this command. Maybe. I wouldn't have mentioned it now but the command had search in it and I believe that *may* be why it doesn't work. I'm not actively trying to mess things up for you. It simply hasn't worked since I intentionally broke it so long ago and I've been happy with it being broken. It doesn't update its tables or whatever it was and I don't inexplicably lag in the middle of everything randomly. It would anger me that I'd see search or something having to do with the search function hogging resources when I would bring up the task manager. It angered me, therefore it died.

I'm content with the display driver the way that it is. Everything seems to work, the issue my wife had is with what appears to be a semi-transparent icon denoting premium puzzles that was fully transparent before the current problems. It's still fully transparent on my other computer, but all other colors and images seem to be working just fine. The other computer lists 32 bit as true color, so perhaps I'm simply insane in my memories.
  • 0

#97
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's try it a different way. Download the following batch file and double-click on it to run it. Make sure that wuinstall.exe is on your desktop before you run the file. A notepad window should open with the results. Copy it into your next reply.

Would you like me to look at windows search?

As for the display driver, my desktop preferences only offer me a choice of 16-bit or 32-bit color. If you are happy with it, I think we can leave it be now.



Also, please run this scan.



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure that all of the options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Attached Files

  • Attached File  fix.bat   209bytes   117 downloads

  • 0

#98
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
Notepad opened and gave me the following output. It also created a log file on the desktop titled newlog.


WuInstall Version 1.1.

Copyright by hs2n Informationstechnologie GmbH 2009-2012

This software comes with ABSOLUTELY NO WARRANTY


Visit: http://www.wuinstall.com for more infos, new versions and WuInstallPro


FREE VERSION. You are in Domain: PHILZNET



LICENSE INFORMATION: For WuInstall 1.1. this license authorizes for unlimited commercial and non-commercial use.



For questions, please contact us under [email protected] or see http://www.wuinstall.com



WuInstallCall: C:\Documents and Settings\Philip\Desktop\WUInstall.exe /search

Your update API: Major Version: 6, Minor Version: 0
Product Version: 7.6.7600.256

You have no WSUS Server configured

Searching for updates ... Criteria: IsInstalled=0 and Type='Software'
Search failed ... retrying ...
Error occured: Search failed 2 times.
Result CODE: 0x3F0 0x80090008 - Invalid algorithm specified.

**********************************************
I'm okay with search being broken unless you know how to stop indexing or at least slow it down. I couldn't remember what it was called yesterday, but it would index like crazy before I broke it. I had less mem then and indexing would roflstomp whatever I was trying to do at the time. If you know how to stop it from indexing all the time, sure, I'd be happy to have the search function work again. If you need to fix the search function in order to make windows update work, prevent future malware infections, or because it's really important, then I'll be happy to have the search function work again. But if it's not necessary, I'd like to just leave it alone. I've gotten used to making sure that my folders are labelled and easy to access. I don't need to search for things if I know where to find them.

tl;dr
No, but thank you :D

**********************************************

This is the FSS log that was created

Farbar Service Scanner Version: 10-02-2013
Ran by Philip (administrator) on 12-02-2013 at 02:34:01
Running from "C:\Documents and Settings\Philip\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2006-02-28 07:00] - [2006-02-28 07:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2008-07-22 09:33] - [2008-04-14 04:42] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll
[2006-02-28 07:00] - [2006-02-28 07:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2006-02-28 07:00] - [2006-02-28 07:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2006-02-28 07:00] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) pctgntdi(10) Tcpip(4)
0x06000000050000000300000004000000060000000A00000007000000
IpSec Tag value is correct.

**** End of log ****

************************************************************

FSS says that my firewall is disabled and that is correct. If I have a standalone firewall, I don't need the regular windows firewall running, do I?
  • 0

#99
Buddierdl

  • Trusted Helper
  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

"If I have a standalone firewall, I don't need the regular windows firewall running, do I?"


That is correct.

Step 1: Run OTL custom scan.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    rsaenh.*
    /md5stop
  • Select the Scan All Users box in the middle on the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Step 2: Let's repair Windows Search just to be sure it isn't causing issues. Once we fix it, you can disable indexing following the instructions here. As a first attempt, please go here and run the fixit.
  • 0

#100
Jhackofalltrades

  • Member
  • Topic Starter
  • 71 posts
OTL logfile created on: 2/13/2013 4:32:48 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.49% Memory free
3.35 Gb Paging File | 2.73 Gb Available in Paging File | 81.56% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 252.39 Gb Free Space | 54.19% Space Free | Partition Type: NTFS

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/06 04:08:23 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/01/29 20:35:36 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/01/14 03:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philip\Desktop\OTL.exe
PRC - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/11/22 09:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/10/06 03:08:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/28 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/06 04:08:23 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/16 14:44:36 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/11/14 00:58:10 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7ec47c4afad694faa491abd6b45928a\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 00:58:07 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\b809681da85a58046cb39f268b6697ad\System.Web.ni.dll
MOD - [2012/11/14 00:57:04 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/11/14 00:57:02 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\b5af2249e2d550f2752176a75c7a7656\Accessibility.ni.dll
MOD - [2012/11/13 22:59:41 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/11/13 22:59:36 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/11/13 22:17:19 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/11/13 22:15:52 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/11/13 22:15:39 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 13:47:00 | 000,127,376 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/05/28 13:46:58 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011/05/28 13:46:58 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011/05/28 13:46:58 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2010/03/16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006/02/28 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AGI\core\3.2\AGCoreService.exe -- (AGCoreService)
SRV - [2013/02/11 03:04:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 04:08:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/29 21:08:04 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/10/06 03:08:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/07 11:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2004/10/20 09:40:04 | 000,010,328 | ---- | M] (America Online) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/24 16:12:14 | 000,057,344 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Unknown (0) | On_Demand | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Philip\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/01/29 20:35:36 | 000,527,848 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/11/22 09:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/11/16 16:04:28 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/05/14 01:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012/03/02 15:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012/03/02 15:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012/03/02 15:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/27 15:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 15:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 15:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 13:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/08/01 17:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 17:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/07/03 16:03:14 | 004,745,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/05/20 18:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/25 19:01:00 | 000,132,096 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2007/09/28 13:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 13:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/12/28 11:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/24 15:51:26 | 000,650,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/24 15:43:18 | 000,014,520 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2004/08/24 15:40:28 | 000,229,720 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/24 15:35:14 | 000,100,240 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/24 15:33:32 | 001,395,376 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/08/24 15:24:14 | 000,013,216 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes,DefaultScope = {E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\SearchScopes\{E4C1C287-8FEA-4F2A-BA25-6C68D7630F52}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.zoneal...&tstsId=&ver=&"
FF - prefs.js..extensions.enabledAddons: btpersonas%40brandthunder.com:1.6.2.8
FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43
FF - prefs.js..extensions.enabledAddons: PardusCopilot%40mozilla.doslash.org:1.1.5
FF - prefs.js..extensions.enabledAddons: puc%40fantamondi.it:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
FF - prefs.js..extensions.enabledAddons: %7BEDA7B1D7-F793-4e03-B074-E6F303317FB0%7D:1.2.7
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40zonealarm.com:1.6.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.6rc1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.zoneal...tsId=&ver=&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Philip\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/02/06 04:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 04:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 04:08:17 | 000,000,000 | ---D | M]

[2008/10/17 17:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Extensions
[2013/02/12 05:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions
[2012/07/30 03:54:38 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/01/16 02:06:50 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2013/01/16 02:06:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 02:59:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2012/09/27 04:13:42 | 000,000,000 | ---D | M] ("Default Theme Engine - Personas Interactive") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/02/06 04:23:55 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/10/29 10:10:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2010/01/22 02:27:09 | 000,000,000 | ---D | M] ("FTSTrader") -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2012/06/09 21:26:28 | 000,014,838 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/06/10 07:17:10 | 000,031,415 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2011/05/28 06:56:03 | 000,063,696 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/01/30 05:41:21 | 000,142,907 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]
[2013/01/26 06:49:40 | 000,024,292 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
[2013/02/12 05:33:33 | 000,531,016 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/26 06:49:40 | 000,242,136 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/05/04 23:32:01 | 000,091,556 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi
[2013/01/23 05:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\extensions\[email protected]\content\Abine\chrome\content\ff\view_expiry.js
[2013/02/06 04:18:44 | 000,001,488 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\5yl0bayj.default\searchplugins\zonealarm.xml
[2013/02/06 04:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 04:08:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 04:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/02/06 04:08:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/03/20 03:55:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2012/08/29 11:26:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 10:36:07 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google Custom Search ()
CHR - default_search_provider: search_url = http://landing.savet...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Karen\Application Data\Move Networks\plugins\npqmp071503000010.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Karen\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\WINDOWS\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/08/15 03:33:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Karen\Start Menu\Programs\Startup\Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe (Rainy)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = [binary data]
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: amazon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: carboniteaddon.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-789336058-861567501-1801674531-1004\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...t Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274685273609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1352878580937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://3979.mcdtt.co...hecker_8000.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} http://3979.mcdtt.co...adFile_8100.cab (DownloadFile Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABA3E625-ED42-4856-AA31-087C7FD95685}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Philip\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 09:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 14:32:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philip\Recent
[2013/02/10 05:14:54 | 002,139,648 | ---- | C] (hs2n Informationstechnologie GmbH) -- C:\Documents and Settings\Philip\Desktop\WUInstall.exe
[2013/02/08 09:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013/02/08 09:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Catalyst Control Center
[2013/02/08 09:23:08 | 000,103,040 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AtihdXP3.sys
[2013/02/08 06:02:01 | 111,595,832 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1-legacy_xp32_dd_ccc_whql.exe
[2013/02/06 06:51:17 | 100,496,424 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1_xp32_dd_ccc_whql.exe
[2013/02/06 05:15:48 | 000,000,000 | ---D | C] -- C:\AMD
[2013/02/06 04:59:45 | 000,792,704 | ---- | C] (AMD) -- C:\Documents and Settings\Philip\Desktop\amddriverdownloader.exe
[2013/02/06 04:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\My Documents\ForceField Shared Files
[2013/02/06 04:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\CheckPoint
[2013/02/06 04:23:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2013/02/06 04:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\Check Point Software Technologies LTD
[2013/02/06 04:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/02/06 04:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/02/06 04:16:13 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/02/06 04:16:02 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/02/06 04:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\Tweaking.com - Repair Windows Firewall
[2013/02/06 04:15:26 | 002,398,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Philip\Desktop\zafwSetupWeb_110_000_057.exe
[2013/02/06 04:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/03 04:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Application Data\Trillian
[2013/01/31 02:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/01/29 20:35:36 | 000,527,848 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2013/01/27 04:11:52 | 017,301,984 | ---- | C] (Adobe Systems Inc.) -- C:\Documents and Settings\Philip\Desktop\AdobeAIRInstaller.exe
[2013/01/25 04:44:56 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit.wu.LB.137282534272152316.2.1.Run.exe
[2013/01/23 05:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile_files
[2013/01/23 03:14:07 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/01/21 05:20:23 | 000,352,883 | ---- | C] (Farbar) -- C:\Documents and Settings\Philip\Desktop\FSS.exe
[2013/01/20 06:30:20 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013/01/20 06:23:27 | 001,528,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\GenuineCheck.exe
[2013/01/19 02:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2013/01/19 02:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013/01/16 02:12:37 | 030,185,256 | ---- | C] (Emsisoft GmbH ) -- C:\Documents and Settings\Philip\Desktop\OnlineArmorSetup.exe
[2013/01/15 06:07:16 | 000,000,000 | ---D | C] -- C:\_OTL
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/13 04:28:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce03d7f55cfecc.job
[2013/02/13 04:28:24 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ProgramUpdateCheck.job
[2013/02/13 04:28:24 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2013/02/13 04:28:24 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2013/02/13 04:27:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/13 04:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/12 05:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-861567501-1801674531-1005Core1cc03f46f882a40.job
[2013/02/12 02:32:40 | 000,352,883 | ---- | M] (Farbar) -- C:\Documents and Settings\Philip\Desktop\FSS.exe
[2013/02/12 02:24:32 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\fix.bat
[2013/02/11 03:04:16 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/11 03:04:16 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/10 05:23:23 | 000,001,548 | ---- | M] () -- C:\Documents
[2013/02/10 05:15:06 | 002,139,648 | ---- | M] (hs2n Informationstechnologie GmbH) -- C:\Documents and Settings\Philip\Desktop\WUInstall.exe
[2013/02/08 07:53:56 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\waaag.rtf
[2013/02/08 07:40:58 | 000,008,308 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Why am I not surprised.xml
[2013/02/08 06:16:32 | 111,595,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1-legacy_xp32_dd_ccc_whql.exe
[2013/02/06 07:19:41 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/06 07:04:36 | 100,496,424 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Documents and Settings\Philip\Desktop\13-1_xp32_dd_ccc_whql.exe
[2013/02/06 04:59:47 | 000,792,704 | ---- | M] (AMD) -- C:\Documents and Settings\Philip\Desktop\amddriverdownloader.exe
[2013/02/06 04:52:42 | 000,417,507 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/02/06 04:16:13 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/02/06 04:15:40 | 002,398,248 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\Philip\Desktop\zafwSetupWeb_110_000_057.exe
[2013/02/06 04:03:37 | 000,872,495 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Tweaking.com-RepairWindowsFirewall.exe
[2013/02/05 04:58:38 | 000,130,115 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\WindowsUpdate.zip
[2013/02/02 21:55:30 | 000,689,664 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit50202.msi
[2013/01/31 01:59:01 | 003,327,000 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\WindowsXP-KB942288-v3-x86.exe
[2013/01/31 01:52:34 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\installerfix.bat
[2013/01/29 20:35:36 | 000,527,848 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2013/01/27 04:14:04 | 017,301,984 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Philip\Desktop\AdobeAIRInstaller.exe
[2013/01/27 04:06:42 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit50528.msi
[2013/01/25 04:44:56 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit.wu.LB.137282534272152316.2.1.Run.exe
[2013/01/25 00:58:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/23 05:43:34 | 000,028,015 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile.zip
[2013/01/23 05:43:10 | 000,306,481 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile.htm
[2013/01/23 03:13:06 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\showalldisplaytabs-xp.vbs
[2013/01/21 05:23:48 | 000,204,757 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\lack of tabs.zip
[2013/01/21 05:17:26 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\lack of tabs.bmp
[2013/01/20 06:30:38 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Philip\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/01/20 06:30:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/20 06:30:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/01/20 06:30:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/01/20 06:23:31 | 001,528,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Philip\Desktop\GenuineCheck.exe
[2013/01/18 08:23:15 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\desktoptab.reg
[2013/01/16 02:35:53 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\SecurityCheck.exe
[2013/01/16 02:18:54 | 000,485,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/16 02:18:54 | 000,090,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/16 02:16:31 | 030,185,256 | ---- | M] (Emsisoft GmbH ) -- C:\Documents and Settings\Philip\Desktop\OnlineArmorSetup.exe
[2013/01/15 06:02:51 | 000,403,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/15 06:01:26 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
[2013/01/15 05:58:48 | 000,001,215 | ---- | M] () -- C:\Documents and Settings\Philip\Desktop\Custom scans and fixes011513.rtf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/12 02:24:32 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\fix.bat
[2013/02/10 05:16:02 | 000,001,548 | ---- | C] () -- C:\Documents
[2013/02/08 09:22:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2013/02/08 07:53:55 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\waaag.rtf
[2013/02/08 07:40:58 | 000,008,308 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Why am I not surprised.xml
[2013/02/06 04:26:23 | 000,417,507 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/02/06 04:03:29 | 000,872,495 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Tweaking.com-RepairWindowsFirewall.exe
[2013/02/05 14:35:31 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1ce03d7f55cfecc.job
[2013/02/05 04:58:38 | 000,130,115 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\WindowsUpdate.zip
[2013/02/03 04:24:51 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Philip\Start Menu\Programs\Trillian.lnk
[2013/02/02 21:55:30 | 000,689,664 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit50202.msi
[2013/01/31 01:58:40 | 003,327,000 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\WindowsXP-KB942288-v3-x86.exe
[2013/01/31 01:52:34 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\installerfix.bat
[2013/01/27 04:06:41 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\MicrosoftFixit50528.msi
[2013/01/23 05:43:34 | 000,028,015 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile.zip
[2013/01/23 05:43:09 | 000,306,481 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Belarc Advisor Current Profile.htm
[2013/01/23 03:13:05 | 000,001,588 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\showalldisplaytabs-xp.vbs
[2013/01/21 05:23:48 | 000,204,757 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\lack of tabs.zip
[2013/01/21 05:17:25 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\lack of tabs.bmp
[2013/01/18 08:23:15 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\desktoptab.reg
[2013/01/16 02:35:52 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\SecurityCheck.exe
[2013/01/15 08:46:39 | 000,001,215 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\Custom scans and fixes011513.rtf
[2013/01/15 06:05:55 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Philip\Desktop\AdwCleaner.exe
[2012/12/12 02:34:29 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/08/15 03:45:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/07/30 05:58:24 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE1.dat
[2012/07/30 04:28:41 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Philip\jagex_cl_runescape_LIVE.dat
[2011/12/24 21:18:49 | 000,038,399 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2011/10/25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011/08/19 19:18:49 | 000,000,010 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/23 05:42:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/05/04 16:28:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/04 16:28:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/04 16:28:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/04 16:28:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/04 16:28:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/22 14:50:57 | 000,093,396 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/29 22:29:10 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2010/08/02 07:18:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\prvlcl.dat
[2010/03/23 01:06:08 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\fusioncache.dat
[2010/02/14 02:10:59 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2008/10/19 21:14:44 | 000,029,794 | ---- | C] () -- C:\Documents and Settings\Philip\1.zor
[2008/10/19 18:00:44 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Philip\Untitled.zor
[2008/07/24 05:21:50 | 000,236,032 | ---- | C] () -- C:\Documents and Settings\Philip\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/07/22 09:50:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/02/28 07:00:00 | 001,492,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: RSAENH.DLL >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\dllcache\rsaenh.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB4262DE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >


***********************************************************

The fixit failed because it cannot contact the server, code 80090008


#101
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

I think we may have nailed it down. We need to update one of your files.

Step 1: Run OTL fix.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\WINDOWS\system32\rsaenh.dll|C:\WINDOWS\system32\dllcache\rsaenh.dll /replace
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Step 2: OTL custom scan.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    C:\WINDOWS\system32\rsaenh.dll /md5
  • Select the None button at the top of the window
  • Click the Run Scan button. Post the log it produces in your next reply.

Do windows updates work now?

#102
Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Woot! Encouraging words! I realize that may sound like I'm down or ungrateful, I'm not, far from it. But it's nice to see that a chunk of the problem has been identified or at least appears to. Once all this is over, what are the chances that you can explain what all happened. I know that I, personally, am responsible for some damage (I don't know how much) but I'd really like to find out what happened. I don't need it dumbed down for non-techies. I'll have fun looking around to understand what you're talking about. This entire experience has been a very.... odd trainwreck for me. It's been surreal, but watching my computer twitch and come back to life and then get un-gimped is very riveting for me. Like the slowmo reversal of... well... a trainwreck. It's neat watching the bits fly around and then start to come back together.

This is the first log.

========== FILES ==========
Unable to replace file: C:\WINDOWS\system32\rsaenh.dll with C:\WINDOWS\system32\dllcache\rsaenh.dll without a reboot.

OTL by OldTimer - Version 3.2.69.0 log created on 02142013_033207

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll : MD5=26ACBD865F8CFF730F1791C4D0854352

Registry entries deleted on Reboot...

*******************************************

This is the second file that was created. It took almost no time to produce.

OTL logfile created on: 2/14/2013 3:42:51 AM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.40% Memory free
3.35 Gb Paging File | 2.72 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 252.31 Gb Free Space | 54.17% Space Free | Partition Type: NTFS

Computer Name: DILBERT | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< C:\WINDOWS\system32\rsaenh.dll /md5 >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

***************************************************

I really have to learn to finish all the steps of processes before checking conclusions. Windows update failed, error code 80090008 again. I'm not undaunted at all and all the previous sentiment still applies, just with less jubilation. I still like watching you work at it :D

Edited by Jhackofalltrades, 14 February 2013 - 02:47 AM.


#103
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#104
Jhackofalltrades

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
When Combofix first ran, it detected a threatfire remnant that I apparently cannot get rid of (it's not the first time something has detected the leftover bit, but I cannot find it for the life of me and the uninstaller program removethreatfire(3.0) doesn't want to do the job). Combofix ran for longer than 40 minutes.

For whatever reason, I didn't read step 2 and have it click. I reran Combofix twice more. Once, having tried the threatfire remover program. Once to see if it would continue for more than an hour without stopping.

I have found and used Combofix from another forum before to clean up a troublesome malware problem, but I cannot remember the details.

#105
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Jhackofalltrades,

Let's try a different method. Please use the OTLPE CD that we were using at the beginning.

Start OTLPE as you did previously from CD
Download Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode.
  • Find and post the log saved in C:\_OTL\MovedFiles and named with numbers describing the date and time it was run.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    rsaenh.*
    /md5stop
  • Select the None button in the middle on the top of the window.
  • Click the Run Scan button. Post the log it produces in your next reply.

Do updates work now?
  • 0
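
Added example (not part of any post in this thread, and not OTL's own code): a Python parser for the OTL /md5 result lines quoted in the logs above, comparing the live system32 copy of a file with its dllcache copy, which is the check the helper's scans make by eye. The sample lines are copied from the two scans posted in the thread; the function and variable names are this example's own.

```python
import ntpath
import re

# One OTL "/md5" result line:
# [date time | size | attrs | M] (company) MD5=<32 hex> -- <full path>
MD5_LINE = re.compile(
    r"^\[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
LIVE_DIR = r"C:\WINDOWS\system32"
CACHE_DIR = r"C:\WINDOWS\system32\dllcache"

# Lines copied from the scans posted in this thread (before and after the fix).
SCAN_BEFORE = r"""
< MD5 for: RSAENH.DLL >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\SoftwareDistribution\Download.bak\9866fb57abdc0ea2f5d4e132d055ba4e\rsaenh.dll
[2008/04/13 22:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) MD5=54DAE3EA34802B4ED9AE1C6B1209FA56 -- C:\WINDOWS\system32\dllcache\rsaenh.dll
"""
SCAN_AFTER = r"""
< C:\WINDOWS\system32\rsaenh.dll /md5 >
[2006/02/28 07:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=26ACBD865F8CFF730F1791C4D0854352 -- C:\WINDOWS\system32\rsaenh.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
"""

def parse_md5_lines(text):
    """Return one record per MD5 result line; all other log lines are skipped."""
    records = []
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            records.append({
                "path": m["path"].strip(),
                "md5": m["md5"].upper(),
                "size": int(m["size"].replace(",", "")),
                "mtime": m["mtime"],
            })
    return records

def _pick(records, directory, name):
    """Find the record for `name` directly inside `directory` (case-insensitive)."""
    want = ntpath.normcase(ntpath.join(directory, name))
    for rec in records:
        if ntpath.normcase(rec["path"]) == want:
            return rec
    return None

def compare_live_to_cache(records, name):
    """Compare the system32 copy of `name` with its dllcache copy."""
    live = _pick(records, LIVE_DIR, name)
    cache = _pick(records, CACHE_DIR, name)
    if live is None or cache is None:
        return ("incomplete", live, cache)
    status = "match" if live["md5"] == cache["md5"] else "mismatch"
    return (status, live, cache)
```

On the thread's logs the first scan reports a mismatch between the two copies, and the scan run after the fix still shows the same hash for the system32 copy as before.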





