Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP! AVG CAUSED BOOTLOOP BSOD ON WINDOWS XP HOME EDITION COMPUTER

Started by Gedmateo , Feb 19 2013 12:32 AM

  • Please log in to reply

#1
Gedmateo
Posted 19 February 2013 - 12:32 AM

Gedmateo

    Member

  • Member
  • PipPip
  • 13 posts
Hello I'm a newb here, so i dont know all the rules, so feel free to direct me.

I was on my notebook which is running XP home edition, and I installed AVG, and ran a scan. AVG showed that I had two viruses. One was in a window 32 driver folder. Avg asked me to remove it, so I did. then it told me to restart my computer, and i did, which caused Infi-Boot loop. Ive tried booting in safe mode and it didnt work.
Here are my BSOD numbers
STOP: 0x0000007B (0xBA4CF524, 0xc0000034, 0x00000000, 0x00000000)

Edited by Gedmateo, 19 February 2013 - 12:32 AM.

  • 0

Advertisements

#2
JSntgRvr
Posted 19 February 2013 - 12:41 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
:welcome:

We will create a bootable USB drive with Reatogo and run OTLPE.exe to scan the computer.

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

Save these instructions in the USB drive and keep it as reference.

    • Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image

  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image

  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on, except for these instructions.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image


  • Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!
  • Boot the sick computer using the boot USB you just created. You must set the notebook to boot from the USB Drive. Consult the Notebook's documentation.
  • Your system should now display a Reatogo desktop.
    Note : as you are running from a USB drive it is not exactly speedy
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under the Custom Scan box paste this in


      /md5start
      UXTHEME.DLL
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      userinit.exe
      explorer.exe
      winlogon.exe
      ntoskrnl.exe
      atapi.sys
      /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your reply.

I'll be checking on you later in the morning. Good night.
  • 0

#3
Gedmateo
Posted 19 February 2013 - 03:28 AM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Happy to be here!!!

Okay so I ran into a problem, Im not sure the severity, or if it has an impact or not. I downloaded the OTLPE file to my desktop (I also extracted the folders per you instructions), and the eeepcfr.zip and extracted it to "C:/". Then I clicked on usb_prep8.cmd, and hit enter in the command prompt. When I hit start PEtoUSB did not recognize my usb.

Edited by Gedmateo, 19 February 2013 - 03:34 AM.

  • 0

#4
JSntgRvr
Posted 19 February 2013 - 06:16 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Even after selecting it? Try another USB port.
  • 0

#5
Gedmateo
Posted 19 February 2013 - 02:38 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay I tried another usb port, and it still not recognizing, (I also tried it from someone else's computer). Sorry I was a bit sleepy, so i forgot to post the message, But the error message is "No USB Disks Found!".

I'm not sure if this information is helpful or not, but afterwards I googled PEtoUSB , and a few sources said to run as Admin. Taking that knowledge I ran usb_prep8.cmd as administrator. After running as admin, the command prompt popped up, I pressed enter, but PEtoUSB didnt pop-up. After that, I went into the usb_prep8 folder, and ran PEtoUSB as an administrator and I did locate my usb, However the command prompt didnt did not pop up.
  • 0

#6
JSntgRvr
Posted 19 February 2013 - 04:59 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Okay I tried another usb port, and it still not recognizing, (I also tried it from someone else's computer). Sorry I was a bit sleepy, so i forgot to post the message, But the error message is "No USB Disks Found!".

I'm not sure if this information is helpful or not, but afterwards I googled PEtoUSB , and a few sources said to run as Admin. Taking that knowledge I ran usb_prep8.cmd as administrator. After running as admin, the command prompt popped up, I pressed enter, but PEtoUSB didnt pop-up. After that, I went into the usb_prep8 folder, and ran PEtoUSB as an administrator and I did locate my usb, However the command prompt didnt did not pop up.

What would happen if you disregard the Command prompt window?
  • 0

#7
Gedmateo
Posted 19 February 2013 - 07:30 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
when I run PEtoUSB as an administrator and select the OPTLE Folder as source path, it writes reatogo(and its associating files to my drive) to my USB drive. However my XP wont boot from this alone, and gives the error message
"Remove disks or other media
Press any key to restart"
  • 0

#8
JSntgRvr
Posted 19 February 2013 - 10:30 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
You have to make it bootable.

After the files of the ISO file are transferred, Open the eeepcfr folder, then the bootsect folder.

Copy both files in the bootsect to the USB flashdrive.

Open an administrator command prompt (Click on the Start button, type CMD in the Search Box and press Ctrl+Shift+Enter), click on Continue. The window will open at the C:\Windows\System32 prompt. At the prompt type X:, where X is the drive letter to your USB flashdrive. The prompt will change to the drive letter of the flashdrive. At this prompt copy and paste the following and press Enter:

bootsect.exe /nt52 X:

Again, the X is the letter to the flashdrive (must change it before pressing Enter)

The drive should be bootable now. Give it a try.
  • 0

#9
Gedmateo
Posted 19 February 2013 - 11:55 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay so I followed your instructions

here are the contents of OTL.txt
I also attached the file just in case the logs are a little much to read in between posts.

OTL logfile created on: 2/19/2013 9:30:23 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.01 Gb Total Space | 18.75 Gb Free Space | 46.86% Space Free | Partition Type: NTFS
Drive D: | 99.04 Gb Total Space | 98.85 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 9.93 Gb Free Space | 99.37% Space Free | Partition Type: NTFS
Drive X: | 1.90 Gb Total Space | 1.55 Gb Free Space | 81.53% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (PC Performer Manager)
SRV - File not found [Auto] -- -- (MSK80Service)
SRV - File not found [Auto] -- -- (MpfService)
SRV - File not found [On_Demand] -- -- (McSysmon)
SRV - File not found [Auto] -- -- (McShield)
SRV - File not found [Auto] -- -- (McProxy)
SRV - File not found [On_Demand] -- -- (McODS)
SRV - File not found [Auto] -- -- (McNASvc)
SRV - File not found [Auto] -- -- (mcmscsvc)
SRV - File not found [Auto] -- -- (McAfee SiteAdvisor Service)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/29 03:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/20 15:09:58 | 000,188,760 | ---- | M] () [Auto] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012/11/14 05:56:18 | 001,049,456 | ---- | M] () [Auto] -- C:\WINDOWS\system32\dmwu.exe -- (IBUpdaterService)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2009/09/11 18:17:08 | 000,160,432 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2009/07/09 13:43:54 | 000,172,720 | ---- | M] (Digital Delivery Networks, Inc.) [Auto] -- C:\Program Files\DDNI\Sylvania lightwave\DDNIMSGService.exe -- (DDNIMSGService)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled] -- -- (ultra)
DRV - File not found [Kernel | Disabled] -- -- (TosIde)
DRV - File not found [Kernel | Disabled] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled] -- -- (symc810)
DRV - File not found [Kernel | Disabled] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (RTSTOR)
DRV - File not found [Kernel | On_Demand] -- -- (rtl8187Se)
DRV - File not found [Kernel | Disabled] -- -- (ql1280)
DRV - File not found [Kernel | Disabled] -- -- (ql1240)
DRV - File not found [Kernel | Disabled] -- -- (ql12160)
DRV - File not found [Kernel | Disabled] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled] -- -- (ql1080)
DRV - File not found [Kernel | Disabled] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled] -- -- (perc2)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled] -- -- (mraid35x)
DRV - File not found [Kernel | System] -- -- (MPFP)
DRV - File not found [Kernel | On_Demand] -- -- (mfesmfk)
DRV - File not found [Kernel | On_Demand] -- -- (mferkdk)
DRV - File not found [Kernel | System] -- -- (mfehidk)
DRV - File not found [Kernel | On_Demand] -- -- (mfebopk)
DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled] -- -- (IntelIde)
DRV - File not found [Kernel | Disabled] -- -- (ini910u)
DRV - File not found [Kernel | Disabled] -- -- (i2omp)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled] -- -- (hpn)
DRV - File not found [Kernel | Disabled] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled] -- -- (dac2w2k)
DRV - File not found [Kernel | Disabled] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled] -- -- (CmdIde)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand] -- -- (btwhid)
DRV - File not found [Kernel | On_Demand] -- -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand] -- -- (BTDriver)
DRV - File not found [Kernel | On_Demand] -- -- (btaudio)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (asc3550)
DRV - File not found [Kernel | Disabled] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled] -- -- (asc)
DRV - File not found [Kernel | On_Demand] -- -- (ApfiltrService)
DRV - File not found [Kernel | Disabled] -- -- (amsint)
DRV - File not found [Kernel | Disabled] -- -- (AliIde)
DRV - File not found [Kernel | Disabled] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2012/07/04 09:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2010/04/06 13:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/26 10:03:14 | 000,132,720 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/03/16 21:17:54 | 001,754,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2010/02/25 06:27:14 | 000,070,512 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\JME.sys -- (JME)
DRV - [2010/02/24 05:36:52 | 000,571,296 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se)
DRV - [2009/11/18 02:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 02:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/08/26 21:41:08 | 000,049,920 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2009/08/26 21:41:04 | 000,016,496 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2009/08/26 21:40:06 | 000,021,568 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2009/06/26 05:21:29 | 000,130,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/06/22 15:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/02/12 20:29:14 | 000,088,576 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\VHDISK.sys.rmv -- (VHDISK)
DRV - [2009/02/12 19:01:48 | 000,020,864 | ---- | M] (SoftLumos) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\IdeFlter.sys -- (IdeFlter)
DRV - [2009/01/06 19:49:32 | 000,036,992 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\VolFlter.sys -- (VolFlter)
DRV - [2009/01/06 19:49:32 | 000,019,456 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VxDevice.sys -- (VxDevice)
DRV - [2008/11/11 17:48:30 | 000,073,216 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot] -- C:\WINDOWS\system32\drivers\mulsys.sys -- (Mulsys)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 08:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 07:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 07:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 07:00:00 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 07:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/14 07:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 07:00:00 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 07:00:00 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 07:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 07:00:00 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 07:00:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 07:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2008/04/14 07:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 07:00:00 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 07:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 07:00:00 | 000,079,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus)
DRV - [2008/04/14 07:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 07:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 07:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 07:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 07:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 07:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 07:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 07:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 07:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/14 07:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 07:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 07:00:00 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 07:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 07:00:00 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/14 07:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 07:00:00 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 07:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 07:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/04/14 07:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2008/04/14 07:00:00 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/14 07:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 07:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 07:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 07:00:00 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbstor.sys -- (usbstor)
DRV - [2008/04/14 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 07:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 07:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 07:00:00 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 07:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 07:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 07:00:00 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 07:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 07:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2008/04/14 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2008/04/14 07:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 07:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 07:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008/04/14 07:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2008/04/14 07:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 07:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008/04/14 07:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 07:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/04/14 07:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/04/14 07:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/14 07:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/14 07:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2008/04/14 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2008/04/14 07:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2008/04/14 03:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/14 03:47:20 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 03:45:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 03:15:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/14 03:15:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 03:15:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 03:15:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 03:15:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 03:15:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 03:09:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 03:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/14 02:15:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 02:15:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/14 02:15:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/14 02:06:46 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/14 01:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/14 00:15:36 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 23:17:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 19:16:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 19:16:26 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 19:16:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 19:16:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008/04/13 19:16:24 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/13 19:16:22 | 000,121,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV - [2008/04/13 19:16:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 19:09:54 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/13 19:09:52 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 19:09:52 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/13 19:09:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/13 19:06:40 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/04/13 19:06:38 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CmBatt.sys -- (CmBatt)
DRV - [2008/04/13 19:06:38 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\compbatt.sys -- (Compbatt)
DRV - [2006/11/02 10:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000)
DRV - [2006/09/28 22:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 21:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2001/08/17 16:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 15:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 08:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...yB&cr=906304034
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalgadgets.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\dres_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\dres_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\dres_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=14717&l=dis
IE - HKU\dres_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
IE - HKU\dres_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\dres_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\jin_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.condui...&ctid=CT3227981
IE - HKU\jin_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\jin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\jin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\jin_ON_C\..\URLSearchHook: {6926c7f7-6006-42d1-b046-eba1b3010315} - C:\Program Files\appbario7\prxtbappb.dll (Conduit Ltd.)
IE - HKU\jin_ON_C\..\URLSearchHook: {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgr0.dll (Conduit Ltd.)
IE - HKU\jin_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\jin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalgadgets.com

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digitalgadgets.com


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/04/25 22:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/12/18 17:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/10 03:52:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/01 18:23:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 03:51:03 | 000,000,000 | ---D | M]

[2012/12/14 20:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Extensions
[2012/12/14 20:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/01/10 01:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions
[2012/12/14 20:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/10 01:44:41 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/01/10 01:18:16 | 000,000,000 | ---D | M] ("Deal Boat") -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions\[email protected]
[2012/12/14 20:31:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions\staged-xpis
[2013/01/10 01:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dres\Application Data\Mozilla\Firefox\Profiles\z3woetc5.default\extensions\[email protected]\chrome\content\extensionCode
[2013/01/10 01:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/01 18:23:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/27 15:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2013/01/10 03:51:02 | 000,153,296 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2013/01/10 03:50:47 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/11/29 03:27:12 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/11/29 03:27:12 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/12/14 20:32:44 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/01/10 01:44:15 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/11/29 03:27:12 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/11/29 03:27:12 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shopping Sidekick) - {11111111-1111-1111-1111-110011501158} - C:\Program Files\Shopping Sidekick\Shopping Sidekick.dll (215 Apps)
O2 - BHO: (Deal Boat) - {11111111-1111-1111-1111-110111271147} - C:\Program Files\Deal Boat\Deal Boat.dll (215 Apps)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
O2 - BHO: (appbario7 Toolbar) - {6926c7f7-6006-42d1-b046-eba1b3010315} - C:\Program Files\appbario7\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgr0.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (appbario7 Toolbar) - {6926c7f7-6006-42d1-b046-eba1b3010315} - C:\Program Files\appbario7\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vgrabber v1 Toolbar) - {7f7f82f1-7c95-47cd-814f-950b56d58fc3} - C:\Program Files\Vgrabber_v1\prxtbVgr0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\dres_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\jin_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LightWaveUser] C:\Program Files\DDNI\Sylvania lightwave\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [mcagent_exe] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\dres_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\dres_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\jin_ON_C..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\jin_ON_C..\Run: [Google Update] C:\Documents and Settings\jin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\jin_ON_C..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\jin\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\dres_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\jin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/22 16:19:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 02:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/02/11 01:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jin\Application Data\AVG2013
[2013/02/11 01:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/11 01:38:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jin\Application Data\TuneUp Software
[2013/02/11 01:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/02/11 01:37:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/02/11 01:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/02/11 01:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/02/11 01:26:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/02/11 01:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jin\Local Settings\Application Data\MFAData
[2013/02/11 01:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/11 01:26:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jin\Local Settings\Application Data\Avg2013
[2013/02/11 01:26:21 | 004,437,456 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\jin\Desktop\avg_free_stb_all_2013_2897_cnet.exe
[2013/02/11 01:11:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013/02/10 00:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jin\Local Settings\Application Data\DoNotTrackPlus
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\dres\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\dres\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 02:47:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/11 02:41:26 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D72817CE-D4D2-4D56-9C28-5C6AC5DC67A7}.job
[2013/02/11 02:16:03 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2548637248-3892921697-2339981114-1005UA.job
[2013/02/11 02:06:09 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 02:00:58 | 000,000,036 | ---- | M] () -- C:\WINDOWS\avgui.INI
[2013/02/11 01:38:14 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/11 01:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/02/11 01:26:43 | 004,437,456 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\jin\Desktop\avg_free_stb_all_2013_2897_cnet.exe
[2013/02/11 01:18:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2548637248-3892921697-2339981114-1005.job
[2013/02/11 01:18:24 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2548637248-3892921697-2339981114-1005.job
[2013/02/11 01:17:55 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/08 19:46:08 | 000,010,726 | ---- | M] () -- C:\Documents and Settings\jin\My Documents\Vocab-list.odt
[2013/02/08 19:46:07 | 000,000,129 | -H-- | M] () -- C:\Documents and Settings\jin\My Documents\.~lock.Vocab-list.odt#
[2013/02/08 18:40:23 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/02 01:34:24 | 003,838,828 | ---- | M] () -- C:\Documents and Settings\jin\Desktop\videoplayback.flv
[2013/02/01 23:56:53 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\jin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/01 23:50:33 | 000,001,016 | ---- | M] () -- C:\Documents and Settings\jin\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/01 23:49:38 | 000,000,996 | ---- | M] () -- C:\Documents and Settings\jin\Desktop\Dropbox.lnk
[2013/02/01 23:44:26 | 000,000,000 | ---- | M] () -- C:\END
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\dres\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\dres\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 02:00:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2013/02/11 01:38:14 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/08 19:46:07 | 000,010,726 | ---- | C] () -- C:\Documents and Settings\jin\My Documents\Vocab-list.odt
[2013/02/08 19:46:07 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\jin\My Documents\.~lock.Vocab-list.odt#
[2013/02/02 01:32:26 | 003,838,828 | ---- | C] () -- C:\Documents and Settings\jin\Desktop\videoplayback.flv
[2013/01/18 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2013/01/18 13:44:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/01/10 03:56:36 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\jin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/18 17:24:04 | 001,049,456 | ---- | C] () -- C:\WINDOWS\System32\dmwu.exe
[2012/12/18 17:24:04 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2012/12/06 14:01:27 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\jin\Local Settings\Application Data\store-pp.jbs
[2012/12/06 05:56:59 | 000,031,465 | ---- | C] () -- C:\Documents and Settings\jin\Local Settings\Application Data\funmoods.crx
[2012/02/16 14:20:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/04/12 18:49:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/12 04:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/11 13:54:19 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\VHDISK.sys.rmv
[2010/10/11 13:54:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SaasApi.dll
[2010/10/11 13:54:19 | 000,036,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\VolFlter.sys
[2010/10/11 13:54:19 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\VxDevice.sys
[2010/10/11 13:54:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ipclib.dll
[2010/08/28 10:12:40 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2009/12/24 20:56:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/12/22 17:22:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/12/22 17:13:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/12/22 16:21:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/22 16:17:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/12/22 15:03:40 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/12/22 15:03:32 | 000,557,146 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/22 15:03:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/12/22 15:03:32 | 000,119,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/22 15:03:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/12/22 15:03:32 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/12/22 15:03:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/12/22 15:03:31 | 000,004,567 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/12/22 15:03:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/12/22 15:03:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/12/22 15:03:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/12/22 15:03:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/12/22 15:03:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/12/22 08:11:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/22 08:10:04 | 000,192,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2012/06/13 12:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2011/04/12 04:10:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2013/01/02 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dres\Application Data\ID Vault
[2013/02/11 01:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\AVG2013
[2013/01/18 14:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\CheckPoint
[2013/02/11 01:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\Dropbox
[2012/12/06 13:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\Funmoods
[2013/01/02 09:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\ID Vault
[2013/01/10 01:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\ilividtoolbarguid
[2012/12/20 15:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\Incredibar.com
[2012/12/15 12:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\LibreOffice
[2013/02/08 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\Maxthon3
[2013/01/18 17:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\PerformerSoft
[2013/02/11 01:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jin\Application Data\TuneUp Software
[2013/02/11 02:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/18 17:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/02/11 01:26:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/24 20:35:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DDNI
[2011/04/12 04:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GuardID Systems
[2013/01/10 00:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/04/12 04:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2013/02/11 01:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/02 15:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Performer Manager
[2012/06/13 12:45:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2013/01/10 01:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2012/12/06 05:57:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2013/02/11 02:41:26 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D72817CE-D4D2-4D56-9C28-5C6AC5DC67A7}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 02:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/14 07:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2008/04/14 03:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 07:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTOSKRNL.EXE >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ntoskrnl.exe
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:ntoskrnl.exe
[2012/05/04 08:20:50 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=099A0F80A563EBE935F4A9750F96C219 -- C:\WINDOWS\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[2011/10/25 08:37:08 | 002,148,864 | ---- | M] (Microsoft Corporation) MD5=3B663B9B193D7E1DE39A466020F1FD91 -- C:\WINDOWS\$NtUninstallKB2676562$\ntoskrnl.exe
[2008/04/14 07:00:00 | 002,145,280 | ---- | M] (Microsoft Corporation) MD5=40F8880122A030A7E9E1FEDEA833B33D -- C:\WINDOWS\$NtUninstallKB2393802$\ntoskrnl.exe
[2012/08/21 08:29:19 | 002,192,896 | ---- | M] (Microsoft Corporation) MD5=49FB9F4A7CE25B82B1E00C402783F5C5 -- C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
[2012/08/21 08:29:19 | 002,192,896 | ---- | M] (Microsoft Corporation) MD5=49FB9F4A7CE25B82B1E00C402783F5C5 -- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
[2010/12/09 08:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) MD5=60E16152D847D7A7B7D3DA4C4B8E2120 -- C:\WINDOWS\$NtUninstallKB2633171$\ntoskrnl.exe
[2012/04/11 08:22:15 | 002,192,640 | ---- | M] (Microsoft Corporation) MD5=8D061BB825BC606C2B1C6F7452D1BAAA -- C:\WINDOWS\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[2012/04/11 08:14:41 | 002,148,352 | ---- | M] (Microsoft Corporation) MD5=A144D60B35E6DD14CCB9649B5E0D1092 -- C:\WINDOWS\$NtUninstallKB2707511$\ntoskrnl.exe
[2010/12/09 08:43:18 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=A531BBD3DE13121C1380ED7DC99082DB -- C:\WINDOWS\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[2012/05/04 08:16:13 | 002,148,352 | ---- | M] (Microsoft Corporation) MD5=AC4B3C4A6DC31867034C66663B9B8A38 -- C:\WINDOWS\$NtUninstallKB2724197$\ntoskrnl.exe
[2012/08/21 08:33:26 | 002,148,864 | ---- | M] (Microsoft Corporation) MD5=B9A14D5875CE262774388BD43BA56FF3 -- C:\WINDOWS\system32\ntoskrnl.exe
[2012/08/21 08:48:40 | 002,193,024 | ---- | M] (Microsoft Corporation) MD5=ECA5980E1A78DBF9CB7F49F76791C0D1 -- C:\WINDOWS\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[2009/02/07 21:35:26 | 002,189,184 | ---- | M] (Microsoft Corporation) MD5=EFE8EACE83EAAD5849A7A548FB75B584 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[2011/10/25 08:34:49 | 002,192,768 | ---- | M] (Microsoft Corporation) MD5=F512C662874D7545E5BD8005E6800A44 -- C:\WINDOWS\$hf_mig$\KB2633171\SP3QFE\ntoskrnl.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 07:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: UXTHEME.DLL >
[2008/04/14 07:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\dllcache\uxtheme.dll
[2008/04/14 07:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- C:\WINDOWS\system32\uxtheme.dll

< MD5 for: WINLOGON.EXE >
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

Attached Files

  • Attached File  OTL.txt   150.98KB   212 downloads

Edited by Gedmateo, 20 February 2013 - 04:11 AM.

  • 0

#10
JSntgRvr
Posted 20 February 2013 - 10:59 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Still I can see the reason.

:Step1

Lets attempt to Create a bootlog.

1. Restart the computer and press F8 when Windows start booting. This will bring up the startup options.

2. Select “Enable Boot Logging” option and press enter.

3. Windows prompts for you to select a Windows Installation (even if there is only one windows installation)

This boots windows normally and creates a boot log named ntbtlog.txt and saves it to the C:\Windows folder which can be accessed throughout Reatogo to see if there was a troublesome driver. I we are able to produce this file. Copy it from the C: drive to the USB flash drive and attach it to a reply.

:Step2:

Also, throughout Reatogo, browse to the C:\ folder. Right click the Boot.ini file and select Edit. Copy and paste its contents to a notepad document and post it also in a reply.

:Step3:

Download Farbar Recovery Scan Tool and save it to the flash drive.

Boot to Reatogo.

  • Single click My computer from your Reatogo desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
  • Double click on it to begin running the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your next reply.

  • 0

Advertisements

#11
Gedmateo
Posted 20 February 2013 - 03:48 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It seems as if its not writing the file, I enabled boot logging and selected XP, then I went to C:\Windows but for some reason the ntbtlog.txt file isnt there.


Here are the contents of boot.ini

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect


Here are the contents of FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
Ran by SYSTEM at 20-02-2013 13:31:06
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-02-20 13:28 - 2013-02-20 13:28 - 00000000 ____D C:\FRST
2013-02-19 21:37 - 2013-02-19 21:37 - 00154604 ____A C:\OTL.Txt
2013-02-16 18:09 - 2013-02-16 18:09 - 25473024 ____N C:\Windows\System32\config\software.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 06287360 ____N C:\Windows\System32\config\system.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 00073728 ____N C:\Windows\System32\config\SECURITY.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 00024576 ____N C:\Windows\System32\config\SAM.rp
2013-02-11 02:00 - 2013-02-11 02:00 - 00000036 ____A C:\Windows\avgui.INI
2013-02-11 01:40 - 2013-02-11 01:40 - 00000000 ____D C:\Documents and Settings\jin\Application Data\AVG2013
2013-02-11 01:38 - 2013-02-11 01:38 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-02-11 01:38 - 2013-02-11 01:38 - 00000000 ____D C:\Documents and Settings\jin\Application Data\TuneUp Software
2013-02-11 01:37 - 2013-02-11 02:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-02-11 01:37 - 2013-02-11 01:38 - 00000000 ____D C:\Windows\LastGood
2013-02-11 01:37 - 2013-02-11 01:37 - 00000000 ___HD C:\$AVG
2013-02-11 01:36 - 2013-02-11 01:36 - 00000000 ____D C:\Program Files\AVG
2013-02-11 01:26 - 2013-02-11 01:51 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\Avg2013
2013-02-11 01:26 - 2013-02-11 01:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-02-11 01:26 - 2013-02-11 01:26 - 04437456 ____A (AVG Technologies) C:\Documents and Settings\jin\Desktop\avg_free_stb_all_2013_2897_cnet.exe
2013-02-11 01:26 - 2013-02-11 01:26 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\MFAData
2013-02-11 01:11 - 2013-02-11 01:11 - 00000000 ____D C:\Windows\System32\NtmsData
2013-02-10 00:35 - 2013-02-10 00:35 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\DoNotTrackPlus
2013-02-08 19:46 - 2013-02-08 19:46 - 00010726 ____A C:\Documents and Settings\jin\My Documents\Vocab-list.odt
2013-02-08 19:46 - 2013-02-08 19:46 - 00000129 ___AH C:\Documents and Settings\jin\My Documents\.~lock.Vocab-list.odt#
2013-02-02 01:32 - 2013-02-02 01:34 - 03838828 ____A C:\Documents and Settings\jin\Desktop\videoplayback.flv

==================== One Month Modified Files and Folders ========

2013-02-20 13:28 - 2013-02-20 13:28 - 00000000 ____D C:\FRST
2013-02-19 21:37 - 2013-02-19 21:37 - 00154604 ____A C:\OTL.Txt
2013-02-16 18:09 - 2013-02-16 18:09 - 25473024 ____N C:\Windows\System32\config\software.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 06287360 ____N C:\Windows\System32\config\system.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 00073728 ____N C:\Windows\System32\config\SECURITY.rp
2013-02-16 18:09 - 2013-02-16 18:09 - 00024576 ____N C:\Windows\System32\config\SAM.rp
2013-02-11 02:47 - 2009-12-22 08:10 - 00262144 ____A C:\Windows\System32\config\SECURITY.orig
2013-02-11 02:47 - 2009-12-22 08:10 - 00262144 ____A C:\Windows\System32\config\SAM.orig
2013-02-11 02:47 - 2009-12-22 08:09 - 25690112 ____A C:\Windows\System32\config\software.orig
2013-02-11 02:47 - 2009-12-22 08:09 - 06553600 ____A C:\Windows\System32\config\system.orig
2013-02-11 02:46 - 2010-10-14 11:18 - 00000178 __ASH C:\Documents and Settings\jin\ntuser.ini
2013-02-11 02:46 - 2009-12-22 16:22 - 00032600 ____A C:\Windows\SchedLgU.Txt
2013-02-11 02:46 - 2009-12-22 16:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-11 02:46 - 2009-12-22 16:17 - 01923272 ____A C:\Windows\WindowsUpdate.log
2013-02-11 02:46 - 2009-12-22 08:14 - 00000275 ____A C:\Windows\wiadebug.log
2013-02-11 02:46 - 2009-12-22 08:14 - 00000049 ____A C:\Windows\wiaservc.log
2013-02-11 02:41 - 2011-04-12 04:56 - 00000436 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{D72817CE-D4D2-4D56-9C28-5C6AC5DC67A7}.job
2013-02-11 02:38 - 2013-02-11 01:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-02-11 02:16 - 2013-01-01 18:11 - 00000970 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2548637248-3892921697-2339981114-1005UA.job
2013-02-11 02:06 - 2011-12-16 23:09 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-11 02:00 - 2013-02-11 02:00 - 00000036 ____A C:\Windows\avgui.INI
2013-02-11 01:51 - 2013-02-11 01:26 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\Avg2013
2013-02-11 01:48 - 2013-02-11 01:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-02-11 01:40 - 2013-02-11 01:40 - 00000000 ____D C:\Documents and Settings\jin\Application Data\AVG2013
2013-02-11 01:38 - 2013-02-11 01:38 - 00000702 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-02-11 01:38 - 2013-02-11 01:38 - 00000000 ____D C:\Documents and Settings\jin\Application Data\TuneUp Software
2013-02-11 01:38 - 2013-02-11 01:37 - 00000000 ____D C:\Windows\LastGood
2013-02-11 01:38 - 2011-04-12 13:12 - 00518830 ____A C:\Windows\setupapi.log
2013-02-11 01:37 - 2013-02-11 01:37 - 00000000 ___HD C:\$AVG
2013-02-11 01:36 - 2013-02-11 01:36 - 00000000 ____D C:\Program Files\AVG
2013-02-11 01:26 - 2013-02-11 01:26 - 04437456 ____A (AVG Technologies) C:\Documents and Settings\jin\Desktop\avg_free_stb_all_2013_2897_cnet.exe
2013-02-11 01:26 - 2013-02-11 01:26 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\MFAData
2013-02-11 01:20 - 2009-12-22 16:16 - 00000000 ____D C:\Windows\Registration
2013-02-11 01:19 - 2013-01-08 22:57 - 00000000 ___RD C:\Documents and Settings\jin\My Documents\Dropbox
2013-02-11 01:19 - 2013-01-08 20:34 - 00000000 ____D C:\Documents and Settings\jin\Application Data\Dropbox
2013-02-11 01:18 - 2013-01-10 03:54 - 00000282 ____A C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2548637248-3892921697-2339981114-1005.job
2013-02-11 01:18 - 2013-01-10 03:54 - 00000274 ____A C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2548637248-3892921697-2339981114-1005.job
2013-02-11 01:17 - 2011-12-16 23:09 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-11 01:17 - 2010-10-14 11:18 - 00000062 __ASH C:\Documents and Settings\jin\Local Settings\desktop.ini
2013-02-11 01:17 - 2009-12-22 16:22 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-02-11 01:17 - 2009-12-22 16:22 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-02-11 01:11 - 2013-02-11 01:11 - 00000000 ____D C:\Windows\System32\NtmsData
2013-02-11 01:11 - 2009-12-22 08:04 - 00000000 ____D C:\Windows\repair
2013-02-11 01:06 - 2011-04-12 04:09 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-02-10 00:35 - 2013-02-10 00:35 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\DoNotTrackPlus
2013-02-10 00:34 - 2011-12-16 23:09 - 00000000 ____D C:\Documents and Settings\jin\Local Settings\Application Data\Google
2013-02-08 19:46 - 2013-02-08 19:46 - 00010726 ____A C:\Documents and Settings\jin\My Documents\Vocab-list.odt
2013-02-08 19:46 - 2013-02-08 19:46 - 00000129 ___AH C:\Documents and Settings\jin\My Documents\.~lock.Vocab-list.odt#
2013-02-08 19:18 - 2011-04-12 04:09 - 00000000 ____D C:\Documents and Settings\jin\Application Data\Mozilla
2013-02-08 18:53 - 2013-01-10 00:21 - 00000000 ____D C:\Documents and Settings\jin\Application Data\Maxthon3
2013-02-08 18:40 - 2009-12-22 15:03 - 00001230 ____A C:\Windows\System32\wpa.dbl
2013-02-02 21:16 - 2013-01-18 14:10 - 00000000 ____D C:\Documents and Settings\jin\Application Data\vlc
2013-02-02 15:54 - 2013-01-10 00:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Performer Manager
2013-02-02 01:34 - 2013-02-02 01:32 - 03838828 ____A C:\Documents and Settings\jin\Desktop\videoplayback.flv
2013-02-01 23:56 - 2013-01-10 03:56 - 00008192 ____A C:\Documents and Settings\jin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-01 23:54 - 2009-12-22 16:16 - 00021735 ____A C:\Windows\wmsetup.log
2013-02-01 23:49 - 2013-01-08 22:57 - 00000996 ____A C:\Documents and Settings\jin\Desktop\Dropbox.lnk
2013-02-01 23:44 - 2013-01-10 00:27 - 00000000 ____A C:\END


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2013-01-11 12:34 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP99

RP: -> 2013-01-10 03:00 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP98

RP: -> 2013-01-09 12:53 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP97

RP: -> 2013-01-08 11:05 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP96

RP: -> 2013-01-06 20:43 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP95

RP: -> 2013-01-05 12:17 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP94

RP: -> 2013-01-04 09:45 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP93

RP: -> 2013-01-03 09:42 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP92

RP: -> 2013-01-02 09:28 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP91

RP: -> 2013-01-01 22:50 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP90

RP: -> 2012-12-31 09:53 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP89

RP: -> 2012-12-28 15:53 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP88

RP: -> 2012-12-27 14:46 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP87

RP: -> 2012-12-25 12:23 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP86

RP: -> 2012-12-24 02:02 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP85

RP: -> 2012-12-22 12:45 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP84

RP: -> 2012-12-20 18:32 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP83

RP: -> 2012-12-18 18:05 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP82

RP: -> 2012-12-15 12:50 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP81

RP: -> 2012-12-14 18:37 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP80

RP: -> 2012-12-06 01:30 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP79

RP: -> 2012-12-04 13:39 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP78

RP: -> 2012-12-02 03:32 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP77

RP: -> 2012-11-30 16:01 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP76

RP: -> 2012-11-25 05:33 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP75

RP: -> 2012-11-24 03:20 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP74

RP: -> 2012-11-21 14:34 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP73

RP: -> 2012-11-14 01:42 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP72

RP: -> 2013-02-11 01:37 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP106

RP: -> 2013-02-11 01:36 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP105

RP: -> 2013-02-08 20:52 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP104

RP: -> 2013-02-02 00:26 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP103

RP: -> 2013-01-17 23:41 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP102

RP: -> 2013-01-16 04:14 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP101

RP: -> 2013-01-15 23:12 - 024576 _restore{B2E76B0E-2251-4BE9-A462-0136E802410F}\RP100


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2037.35 MB
Available physical RAM: 1786.48 MB
Total Pagefile: 1868.03 MB
Available Pagefile: 1790.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.96 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:40.01 GB) (Free:18.75 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Fixed) (Total:99.04 GB) (Free:98.85 GB) NTFS
4 Drive e: () (Fixed) (Total:10 GB) (Free:9.93 GB) NTFS
5 Drive x: (OTLPE) (Removable) (Total:1.9 GB) (Free:1.55 GB) FAT ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 40 GB 32 KB
Partition 2 Extended 109 GB 40 GB
Partition 3 Logical 99 GB 40 GB
Partition 4 Logical 10 GB 139 GB
=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 40 GB Healthy
=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D NTFS Partition 99 GB Healthy
=========================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 10 GB Healthy
=========================================================
==================== End Of Log ============================


Edited by Gedmateo, 20 February 2013 - 03:49 PM.

  • 0

#12
JSntgRvr
Posted 20 February 2013 - 08:59 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
If there is a file in the USB flashdrive labeled MBRDUMP.txt, please delete it.

Boot to Reatogo.

  • Once on the desktop, determine the drive letter assigned to your USB drive.
  • Once you have identified the drive letter to your USB drive, go back to the desktop.
  • Locate the icon for MBRFix and click on it.
  • At the command prompt type the following and press Enter:

MbrFix /drive 0 savembr X:\MBRDUMP.txt (Also change the X letter with the letter of your USB drive.)

Leave a space amond the following arguments:

MbrFix
/drive
0
savembr
X:\MBRDUMP.txt


The drive is Drive zero (Drive 0)

This will create a file in the USB drive labeled MBRDUMP.txt. Attach this file to a reply.
  • 0

#13
Gedmateo
Posted 20 February 2013 - 10:23 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay, I ran the MbrFIX command from MbrFix and it created a MBRDUMP.txt file.


Attached File  MBRDUMP.txt   512bytes   188 downloads
  • 0

#14
JSntgRvr
Posted 21 February 2013 - 02:23 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
The Master Boot Record looks clear now. I would like to replace the boot.ini in an attempt to create a bootlog.

Download the enclosed folder.

Extract its contents to the USB flashdrive. Once extracted, boot to Reatogo. Browse to the USB drive. Open the RepBootIni folder and double click on the RunMe.bat file.

Once done, attempt to boot the computer in Normal Mode twice. Then in Reatogo, check if the ntbtlog.txt is present in the C:\Windows folder. If it is, copy it to the USB drive and attach it to a reply.
  • 0

#15
Gedmateo
Posted 21 February 2013 - 07:18 PM

Gedmateo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I ran RunMe.bat but the file still isnt showing up
  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP