Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

XP won't boot, Infected with "boot.tidserv"

Started by Mikevel , Mar 07 2011 06:41 PM

This topic is locked

#16
JSntgRvr

Posted 09 March 2011 - 05:50 PM

Global Moderator

Global Moderator
11,579 posts

Boot to the OTLPE CD
Please double-click OTLPE.exe to run it as you did before.
Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\NTDETECT.COM|D:\NTDETECT.COM /Replace
C:\ntldr|D:\ntldr /Replace
Return to OTLPE, right click in the "Custom Scans/Fixes" window and choose Paste.
Click the red Run Fix button.
A report will be produced and saved in the C:\_OTL\MovedFiles folder in the form of Date_Time.log. Open that report and post its contents in a reply.

If Successful, retry booting in Normal Mode

#17
Mikevel

Posted 09 March 2011 - 06:27 PM

Member

Topic Starter
Member
34 posts

========== FILES ==========
File C:\NTDETECT.COM successfully replaced with D:\NTDETECT.COM
File C:\ntldr successfully replaced with D:\ntldr

OTLPE by OldTimer - Version 3.1.45.0 log created on 03092011_192158

reboot to windows got this:

Windows could not start because the following file is missing or corrupt

<windows root>\system32\hal.dll
reinstall a copy of file

#18
JSntgRvr

Posted 09 March 2011 - 06:39 PM

Global Moderator

Global Moderator
11,579 posts

I need to see the contents of the Boot.ini file.

Download the enclosed folder.

Save and extract its contents to the USB drive.

Insert the USB drive in the troubled computer and boot to Reatogo, browse to the USB drive and double click on the BootQuery.bat file. If successful, the D:\boot.ini file will be copied to the USB Drive. Open this file in Notepad and post its contents in your next reply.

#19
Mikevel

Posted 09 March 2011 - 07:05 PM

Member

Topic Starter
Member
34 posts

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#20
JSntgRvr

Posted 09 March 2011 - 07:42 PM

Global Moderator

Global Moderator
11,579 posts

This is very confusing. Some how I believe the the drive's positions have changed. Lets try this fix:

Download the enclosed folder.

Save and extract its contents to the USB drive.

Insert the USB drive in the troubled computer and boot to Reatogo, browse to the USB drive, Open the Bootfix folder and double click on the RunMe.bat file.

If successful, attempt to restart in Normal Mode.

Keep me posted.

#21
Mikevel

Posted 09 March 2011 - 07:54 PM

Member

Topic Starter
Member
34 posts

When i was trying to get the computer to boot from the cd drive a few days ago(it wouldn't) i was in the bios trying to get it to boot from the cd and was changing the boot sequence, could this be the problem.....there is 2 hard drives, which one should be listed in the boot sequence order(there is only one listed)
cd is #1
floopy drive #2
and hard drive is #3
could i have put the wrong hard drive in the boot sequence

I have hit f9 to restore defaults and saved

Edited by Mikevel, 09 March 2011 - 07:55 PM.

#22
Mikevel

Posted 09 March 2011 - 08:10 PM

Member

Topic Starter
Member
34 posts

ran boot fix:

Access denied

#23
JSntgRvr

Posted 09 March 2011 - 08:32 PM

Global Moderator

Global Moderator
11,579 posts

When i was trying to get the computer to boot from the cd drive a few days ago(it wouldn't) i was in the bios trying to get it to boot from the cd and was changing the boot sequence, could this be the problem.....there is 2 hard drives, which one should be listed in the boot sequence order(there is only one listed)
cd is #1
floopy drive #2
and hard drive is #3
could i have put the wrong hard drive in the boot sequence

I have hit f9 to restore defaults and saved

That may be a possibility. Can you select which hard drive you want to boot from in the BIOS? This is the second case I have handled with this issue this week, both with the same issue. Now that you have pressed f9, lets see an OTLPE scan. Chances are the drives have switched again.

Restart the computer back to the OTLPE CD.

Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
- Change Drivers to All
- Change Standard Registry to All
- Under the Custom Scan box paste this in
  
  netsvcs
  set /c
  /md5start
  UXTHEME.DLL
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  Userinit.exe
  Explorer.exe
  Winlogon.exe
  Regedit.exe
  SCLWAPI.dll
  /md5stop
  %SYSTEMDRIVE%\*.*
  %systemroot%\System32\config\*.sav
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive.
Please post the contents of the C:\OTL.txt file in your reply also.

#24
Mikevel

Posted 09 March 2011 - 10:52 PM

Member

Topic Starter
Member
34 posts

Pressed f9 in bios restored default settings. I don't think anything changed as i had pressed f9 to restore defaults yesterday....

Hd's are listed as:
SamsungSP1203n-SATA port 1
ST3120827As-PATA primary master

1st bootable hard drive is ST3120827As-PATA primary master. CD listed 1st, floopy 2nd, ST3120827A HD 3rd

I did try putting SamsungSP1203n in 1st HD position but couldn't get windows to boot, got a funny looking streaking white dots/black screen, said over limit or something

Here is file from scan:

OTL logfile created on: 3/9/2011 11:37:19 PM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 59.00% Memory free
458.00 Mb Paging File | 329.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 111.79 Gb Total Space | 89.13 Gb Free Space | 79.73% Space Free | Partition Type: NTFS
Drive D: | 101.55 Gb Total Space | 63.36 Gb Free Space | 62.39% Space Free | Partition Type: FAT32
Drive E: | 10.22 Gb Total Space | 8.54 Gb Free Space | 83.49% Space Free | Partition Type: FAT32
Drive J: | 1.85 Gb Total Space | 1.85 Gb Free Space | 99.62% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 16:38:10 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- D:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2004/09/13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/09/13 11:49:42 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/04/06 17:14:10 | 000,254,224 | ---- | M] (Computer Associates International, Inc.) [Auto] -- D:\Program Files\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
SRV - [2004/04/06 17:13:56 | 000,241,936 | ---- | M] (Computer Associates International, Inc.) [Auto] -- D:\Program Files\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
SRV - [2004/04/06 17:13:54 | 000,139,536 | ---- | M] (Computer Associates International, Inc.) [Auto] -- D:\Program Files\CA\eTrust Antivirus\InoRpc.exe -- (InoRPC)
SRV - [2003/08/11 10:28:42 | 000,045,056 | ---- | M] ( ) [Auto] -- D:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Disabled] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | Disabled] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled] -- -- (Abiosdsk)
DRV - [2010/08/26 09:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2010/02/24 09:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:42 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:22 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:40 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:44 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:06 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:54 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:46 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:30 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:22 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:20 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:30 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:28 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:28 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:22 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:16 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:08 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:26 | 000,061,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nic1394.sys -- (NIC1394)
DRV - [2008/04/13 14:51:26 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\arp1394.sys -- (Arp1394)
DRV - [2008/04/13 14:51:26 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 14:46:18 | 000,061,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2008/04/13 14:45:38 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 14:45:36 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:36 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 14:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled] -- D:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/13 14:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 14:41:02 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:50 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\viaide.sys -- (ViaIde)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:30 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:28 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:26 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:26 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\serenum.sys -- (Serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:54 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:42 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2008/04/13 14:36:40 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 14:36:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\viaagp.sys -- (viaagp)
DRV - [2008/04/13 14:36:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
DRV - [2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\alim1541.sys -- (alim1541)
DRV - [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\agp440.sys -- (agp440)
DRV - [2008/04/13 14:36:36 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:33:00 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot] -- D:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:52 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:40 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:40 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System] -- D:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled] -- D:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\processr.sys -- (Processor)
DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2007/11/13 05:25:54 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/19 14:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/10/26 20:35:38 | 000,820,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/11 11:20:38 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\wpdusb.sys -- (WpdUsb)
DRV - [2004/09/13 11:58:10 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System] -- D:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004/09/13 11:54:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System] -- D:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/09/13 11:54:06 | 000,093,440 | ---- | M] (Ahead Software AG) [File_System | Disabled] -- D:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/09/13 04:54:54 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System] -- D:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/04 05:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 05:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 05:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 05:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 05:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 05:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 05:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 05:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- D:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2004/08/04 05:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 05:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System] -- D:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- D:\WINDOWS\System32\winsock.dll -- (Winsock)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/22 07:32:34 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2004/05/18 13:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid)
DRV - [2004/04/10 10:10:12 | 000,153,344 | ---- | M] (Computer Associates) [File_System | Auto] -- D:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2004/03/23 09:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2003/12/08 18:55:14 | 000,019,712 | R--- | M] (Computer Associates) [File_System | Boot] -- D:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2003/11/12 13:56:36 | 000,221,848 | ---- | M] ( ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2003/10/26 13:39:44 | 001,301,776 | ---- | M] ( ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2003/10/26 13:31:02 | 000,086,872 | ---- | M] ( ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2003/08/20 12:25:56 | 000,593,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003/08/18 08:30:26 | 000,548,888 | ---- | M] ( ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2003/08/11 08:35:34 | 000,167,352 | ---- | M] ( ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2003/07/03 14:15:20 | 000,100,256 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2003/07/02 15:12:52 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/05/08 21:00:56 | 000,033,248 | ---- | M] (Sonic Focus, Inc) [Kernel | System] -- D:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2002/09/03 07:50:24 | 000,076,976 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\pnp680r.sys -- (Pnp680r)
DRV - [2001/08/17 14:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2001/08/17 14:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2001/08/17 14:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 14:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
DRV - [2001/08/17 14:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2001/08/17 13:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2001/08/17 13:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 13:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2001/08/17 13:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled] -- D:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 13:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 13:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 13:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 13:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 13:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2001/08/17 13:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\asc.sys -- (asc)
DRV - [2001/08/17 13:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKU\Administrator_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Janine_Velardi_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;192.168.0.*;<local>
IE - HKU\Janine_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
IE - HKU\Michael_Velardi_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;192.168.0.*;<local>
IE - HKU\Michael_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Virginia_Velardi_ON_D\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\Virginia_Velardi_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = www.direcwaysupport.com;192.168.0.*;<local>;*.local
IE - HKU\Virginia_Velardi_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.0.1:87

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/06 03:04:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7CA51A89-0337-4FED-ADE2-A42310D091A2}: C:\Documents and Settings\Virginia Velardi\Local Settings\Application Data\{7CA51A89-0337-4FED-ADE2-A42310D091A2}\ [2010/11/29 19:08:20 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\Administrator_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Janine_Velardi_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Janine_Velardi_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Janine_Velardi_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Janine_Velardi_ON_D\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\Michael_Velardi_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Michael_Velardi_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Michael_Velardi_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Michael_Velardi_ON_D\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\Virginia_Velardi_ON_D\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Virginia_Velardi_ON_D\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\Virginia_Velardi_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\Virginia_Velardi_ON_D\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - D:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Google Desktop Search] D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Realtime Monitor] D:\Program Files\CA\eTrust Antivirus\Realmon.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [RemoteControl] D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMAX] D:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\Janine_Velardi_ON_D..\Run: [Aim6] File not found
O4 - HKU\Janine_Velardi_ON_D..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Janine_Velardi_ON_D..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\Janine_Velardi_ON_D..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\Michael_Velardi_ON_D..\Run: [Creative Detector] D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\Michael_Velardi_ON_D..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Michael_Velardi_ON_D..\Run: [PhotoShow Deluxe Media Manager] D:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
O4 - HKU\Virginia_Velardi_ON_D..\Run: [Aim] D:\Program Files\AIM7\aim.exe (AOL Inc.)
O4 - HKU\Virginia_Velardi_ON_D..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Virginia_Velardi_ON_D..\Run: [MSMSGS] D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Janine_Velardi_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Michael_Velardi_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Virginia_Velardi_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1120992338369 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1270757709703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - D:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - D:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - D:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - D:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/27 15:51:48 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/31 20:30:06 | 000,000,109 | ---- | M] () - J:\AUTORUN.FCB -- [ FAT ]
O32 - AutoRun File - [2010/01/10 17:44:24 | 000,000,090 | ---- | M] () - J:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 12:22:33 | 000,123,904 | ---- | C] (Systemintegrasjon AS) -- D:\MbrFix.exe
[2011/03/09 12:04:32 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/03/07 13:16:08 | 000,000,000 | ---D | C] -- D:\NBRT
[2008/01/31 12:30:40 | 058,619,176 | ---- | C] (Apple Inc.) -- D:\Program Files\iTunesSetup.exe
[1980/01/01 00:00:00 | 001,301,776 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 000,548,888 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 000,221,848 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 000,192,512 | ---- | C] ( ) -- D:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 00:00:00 | 000,167,352 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 000,086,872 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 00:00:00 | 000,045,056 | ---- | C] ( ) -- D:\WINDOWS\System32\slserv.exe
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 19:08:21 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Ecazer.dat
[2010/11/29 19:08:21 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Jfumiq.bin
[2009/02/15 21:27:49 | 000,000,021 | ---- | C] () -- D:\WINDOWS\atid.ini
[2008/03/12 16:51:29 | 000,003,584 | ---- | C] () -- D:\Documents and Settings\Janine Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 22:59:09 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\CNMVS4B.DLL
[2006/02/18 17:05:13 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/08/11 20:25:02 | 000,000,139 | ---- | C] () -- D:\Documents and Settings\Virginia Velardi\Local Settings\Application Data\fusioncache.dat
[2005/05/08 09:53:41 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll
[2005/03/28 00:06:48 | 000,000,069 | ---- | C] () -- D:\Documents and Settings\Michael Velardi\default.pls
[2005/03/20 11:40:32 | 000,000,080 | ---- | C] () -- D:\WINDOWS\encore_launcher.ini
[2005/03/11 20:46:33 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/02/12 15:49:03 | 000,111,104 | ---- | C] () -- D:\Documents and Settings\Michael Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/11 12:29:24 | 000,037,888 | ---- | C] () -- D:\Documents and Settings\Virginia Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/02 12:36:49 | 000,000,061 | ---- | C] () -- D:\WINDOWS\smscfg.ini
[2004/08/27 17:24:22 | 000,000,799 | ---- | C] () -- D:\WINDOWS\orun32.ini
[2004/08/27 15:54:53 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2004/08/27 15:49:55 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2004/08/27 15:46:04 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2004/08/27 15:45:28 | 000,298,848 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/27 15:40:06 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/27 15:40:05 | 000,441,744 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/27 15:40:05 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/27 15:40:05 | 000,071,680 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/27 15:40:05 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/27 15:40:04 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/08/27 15:40:03 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/27 15:40:03 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/27 15:40:01 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/27 15:39:59 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\OEMBIOS.BIN
[1980/01/01 00:00:00 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 000,163,840 | ---- | C] () -- D:\WINDOWS\System32\SLGen.dll
[1980/01/01 00:00:00 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\coinst.dll
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- D:\WINDOWS\slrundll.exe
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- D:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 00:00:00 | 000,005,327 | ---- | C] () -- D:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 00:00:00 | 000,000,503 | ---- | C] () -- D:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010/11/29 18:54:04 | 000,000,260 | ---- | M] () -- D:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< set /c >
ALLUSERSPROFILE=B:\Documents and Settings\All Users
APPDATA=B:\Documents and Settings\Default User\Application Data
ComputerName=Reatogo
ComSpec=X:\i386\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
DEVMGR_SHOW_NONPRESENT_DEVICES=1
OS=Windows_NT
Path=X:\i386;X:\i386\System32;X:\Bin;X:\i386\system32\com;X:\i386\system32\wbem;X:\i386\system32\wbem\snmp;X:\i386\PCHealth\HelpCtr\Binaries
PATHEXT=.COM;.EXE;.BAT;.CMD
ProfilesDir=B:\Documents and Settings
ProgramFiles=X:\Programs
PROMPT=$P$G
ramdrv=B:
RunScannerDir=X:\i386\System32
SystemDrive=X:
SystemRoot=X:\i386
TARGET_ROOT=D:\WINDOWS
temp=B:
tmp=B:
USBroot=Y:
USERPROFILE=B:\Documents and Settings\Default User
windir=X:\i386

< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/08 16:22:26 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/04/08 16:22:26 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- D:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- D:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/08 16:22:26 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- D:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/04/08 16:22:26 | 023,852,652 | ---- | M] () .cab file -- D:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- D:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- D:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- D:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- D:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2004/03/23 09:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- D:\Drivers\iaStor.sys
[2004/03/23 09:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- D:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- D:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- D:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- D:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- D:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: REGEDIT.EXE >
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- D:\WINDOWS\regedit.exe
[2008/04/13 20:12:32 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- D:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2004/08/04 05:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- D:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004/08/04 05:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=783AFC80383C176B22DBF8333343992D -- D:\WINDOWS\I386\REGEDIT.EXE

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- D:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- D:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

< MD5 for: UXTHEME.DLL >
[2004/08/04 05:00:00 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=2CDE496666A975A2CE8F969F3042C8DB -- D:\WINDOWS\$NtServicePackUninstall$\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- D:\WINDOWS\ServicePackFiles\i386\uxtheme.dll
[2008/04/13 20:12:08 | 000,218,624 | ---- | M] (Microsoft Corporation) MD5=7A2CC3719B255E6B5D74396183B7715B -- D:\WINDOWS\system32\uxtheme.dll

< MD5 for: VIAMRAID.SYS >
[2004/05/18 13:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- D:\Drivers\viamraid.sys
[2004/05/18 13:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- D:\WINDOWS\system32\drivers\viamraid.sys

< MD5 for: VIASRAID.SYS >
[2003/10/31 08:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- D:\Drivers\Winxp\viasraid.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2005/02/02 12:42:42 | 000,000,037 | ---- | M] () -- D:\DISEBKUP.FLG
[2009/09/27 19:55:40 | 000,003,587 | ---- | M] () -- D:\logfile
[2011/03/09 12:23:52 | 000,000,512 | ---- | M] () -- D:\MBRDUMP2.txt
[2010/04/08 16:30:36 | 000,250,048 | RHS- | M] () -- D:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- D:\NTDETECT.COM
[2005/02/08 16:38:26 | 000,000,211 | RHS- | M] () -- D:\boot.ini
[2004/08/27 15:51:48 | 000,000,000 | ---- | M] () -- D:\CONFIG.SYS
[2004/08/27 15:51:48 | 000,000,000 | ---- | M] () -- D:\AUTOEXEC.BAT
[2004/08/27 15:51:48 | 000,000,000 | RHS- | M] () -- D:\IO.SYS
[2004/08/27 15:51:48 | 000,000,000 | RHS- | M] () -- D:\MSDOS.SYS
[2011/03/09 12:19:52 | 000,152,616 | ---- | M] () -- D:\OTL.Txt
[2010/09/20 08:39:10 | 000,123,904 | ---- | M] (Systemintegrasjon AS) -- D:\MbrFix.exe
[2010/11/07 18:56:16 | 1072,480,256 | -HS- | M] () -- D:\hiberfil.sys
[2005/02/03 06:31:28 | 000,087,702 | ---- | M] () -- D:\SIGVERIF.TXT
[2005/02/03 06:31:28 | 000,000,172 | ---- | M] () -- D:\TOTALS.TXT
[2005/02/03 06:31:28 | 000,058,934 | ---- | M] () -- D:\SIGNED.TXT
[2005/02/03 06:31:28 | 000,000,002 | ---- | M] () -- D:\UNSIGNED.TXT
[2005/02/03 06:31:28 | 000,028,770 | ---- | M] () -- D:\UNSCANNED.TXT
[2005/11/18 12:21:20 | 000,000,856 | ---- | M] () -- D:\flashplayer.xpt
[2010/09/03 09:17:24 | 000,001,579 | -H-- | M] () -- D:\IPH.PH

< %systemroot%\System32\config\*.sav >
[2004/08/27 15:44:50 | 000,880,640 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
[2004/08/27 15:44:50 | 000,659,456 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2004/08/27 15:44:50 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/07/27 02:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\shell32.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2010/11/27 16:29:02 | 000,000,284 | ---- | M] () -- D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2010/11/29 18:54:04 | 000,000,260 | ---- | M] () -- D:\WINDOWS\Tasks\WGASetup.job
< End of report >

#25
Mikevel

Posted 09 March 2011 - 11:13 PM

Member

Topic Starter
Member
34 posts

By using your CD bootable operating system REATOGO, is it ok to copy photo's and important files to a usb drive in case this fix doesn't work out and we need to re-install windows

#26
JSntgRvr

Posted 10 March 2011 - 12:34 AM

Global Moderator

Global Moderator
11,579 posts

By using your CD bootable operating system REATOGO, is it ok to copy photo's and important files to a usb drive in case this fix doesn't work out and we need to re-install windows

Yes. It is a good idea to do so as dealing with the Master Boot Record you may lose your data.

Lets try another fix.

Remove the previous Bootfix folders and download the enclosed folder.

Save and extract its contents to the USB drive.

Insert the USB drive in the troubled computer and boot to Reatogo, browse to the USB drive, Open the Bootfix folder and double click on the RunMe.bat file.

If successful, attempt to restart in Normal Mode.

Keep me posted.

If unsuccessful, lets write a standard MBR in Drive_1

Boot to Reatogo. Doubleclick on MBRFIX. You will be presented with a command prompt. At the prompt type the following and press Enter after each line:

C:
cd \
MbrFix /drive 1 fixmbr /yes

Leave a space among the following arguments:

MbrFix
/drive
1
fixmbr
/yes

The drive is Drive One (Drive 1)

Attempt to boot in Normal Mode and let me know the outcome.

#27
Mikevel

Posted 10 March 2011 - 10:15 AM

Member

Topic Starter
Member
34 posts

I backed up all important files to usb

tried to run new boot fix but when i dbl click runme file a black window pops up for a fraction of a second, i can't read it, disappears to fast, how can i get window to stay up long enough so i can read it. I think it says duplicate file, not sure

do i have to delete boot files on corrupt computer first before running bootfix again

Edited by Mikevel, 10 March 2011 - 10:16 AM.

#28
JSntgRvr

Posted 10 March 2011 - 10:48 AM

Global Moderator

Global Moderator
11,579 posts

Did you run MBRFix (fixmbr) in drive_1 as suggested? If you have not, please do.

Lets see whats on the root directory on both drives. Save these instructions to the USB drive.

Restart the computer back to the OTLPE CD.

Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. set all settings to none to cut on scanning time.
- Under the Custom Scan box paste this in
  
  Dir /a C:\*.* /c
  Dir /a D:\*.* /c
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt(or D:\OTL.txt).
Copy this file to your USB drive.
Please post the contents of the C:\OTL.txt (or D:\OTL.txt) file in your reply also.

#29
Mikevel

Posted 10 March 2011 - 11:22 AM

Member

Topic Starter
Member
34 posts

Did you run MBRFix (fixmbr) in drive_1 as suggested? If you have not, please do.

Yes same results as before selected xp professional got out of range ! error
Tried xp default got file missing or corrupt
windows root>\system32\hal.ddl.

here is latest otl log info

OTL logfile created on: 3/10/2011 12:18:49 PM - Run
OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 59.00% Memory free
458.00 Mb Paging File | 329.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 111.79 Gb Total Space | 89.01 Gb Free Space | 79.63% Space Free | Partition Type: NTFS
Drive D: | 101.55 Gb Total Space | 63.36 Gb Free Space | 62.39% Space Free | Partition Type: FAT32
Drive E: | 10.22 Gb Total Space | 8.54 Gb Free Space | 83.49% Space Free | Partition Type: FAT32
Drive J: | 1.85 Gb Total Space | 1.78 Gb Free Space | 95.80% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 12:22:33 | 000,123,904 | ---- | C] (Systemintegrasjon AS) -- D:\MbrFix.exe
[2011/03/09 12:04:32 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/03/07 13:16:08 | 000,000,000 | ---D | C] -- D:\NBRT
[2008/01/31 12:30:40 | 058,619,176 | ---- | C] (Apple Inc.) -- D:\Program Files\iTunesSetup.exe
[1980/01/01 00:00:00 | 001,301,776 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 000,548,888 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 000,221,848 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 000,192,512 | ---- | C] ( ) -- D:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 00:00:00 | 000,167,352 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 000,086,872 | ---- | C] ( ) -- D:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 00:00:00 | 000,045,056 | ---- | C] ( ) -- D:\WINDOWS\System32\slserv.exe
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 19:08:21 | 000,000,120 | ---- | C] () -- D:\WINDOWS\Ecazer.dat
[2010/11/29 19:08:21 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Jfumiq.bin
[2009/02/15 21:27:49 | 000,000,021 | ---- | C] () -- D:\WINDOWS\atid.ini
[2008/03/12 16:51:29 | 000,003,584 | ---- | C] () -- D:\Documents and Settings\Janine Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 22:59:09 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\CNMVS4B.DLL
[2006/02/18 17:05:13 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/08/11 20:25:02 | 000,000,139 | ---- | C] () -- D:\Documents and Settings\Virginia Velardi\Local Settings\Application Data\fusioncache.dat
[2005/05/08 09:53:41 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll
[2005/03/28 00:06:48 | 000,000,069 | ---- | C] () -- D:\Documents and Settings\Michael Velardi\default.pls
[2005/03/20 11:40:32 | 000,000,080 | ---- | C] () -- D:\WINDOWS\encore_launcher.ini
[2005/03/11 20:46:33 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/02/12 15:49:03 | 000,111,104 | ---- | C] () -- D:\Documents and Settings\Michael Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/11 12:29:24 | 000,037,888 | ---- | C] () -- D:\Documents and Settings\Virginia Velardi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/02 12:36:49 | 000,000,061 | ---- | C] () -- D:\WINDOWS\smscfg.ini
[2004/08/27 17:24:22 | 000,000,799 | ---- | C] () -- D:\WINDOWS\orun32.ini
[2004/08/27 15:54:53 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2004/08/27 15:49:55 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2004/08/27 15:46:04 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2004/08/27 15:45:28 | 000,298,848 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/27 15:40:06 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/27 15:40:05 | 000,441,744 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/27 15:40:05 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/27 15:40:05 | 000,071,680 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/27 15:40:05 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/27 15:40:04 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/08/27 15:40:03 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/27 15:40:03 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/27 15:40:01 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/27 15:39:59 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\OEMBIOS.BIN
[1980/01/01 00:00:00 | 000,196,608 | ---- | C] () -- D:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 000,163,840 | ---- | C] () -- D:\WINDOWS\System32\SLGen.dll
[1980/01/01 00:00:00 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\coinst.dll
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- D:\WINDOWS\slrundll.exe
[1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- D:\WINDOWS\System32\e100bmsg.dll
[1980/01/01 00:00:00 | 000,005,327 | ---- | C] () -- D:\WINDOWS\System32\OEMBIOS.DAT
[1980/01/01 00:00:00 | 000,000,503 | ---- | C] () -- D:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010/11/29 18:54:04 | 000,000,260 | ---- | M] () -- D:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

========== Custom Scans ==========

< Dir /a C:\*.* /c >
Volume in drive C is New Volume
Volume Serial Number is C415-D68A
Directory of C:\
08/06/2009 02:03 AM <DIR> bfd2b9ffca2064f475456c888624db69
03/09/2011 09:37 PM 196 Boot.bak
03/09/2011 09:37 PM 196 Boot.ini
03/10/2011 10:36 AM <DIR> Digital images
05/13/2008 04:20 PM <DIR> Disney 2004
08/06/2008 12:32 PM <DIR> Disney Vacation 2004
08/02/2010 07:47 PM <DIR> Janine's photo's
03/08/2011 04:59 PM 512 MBRDUMP.txt
09/20/2010 08:39 AM 123,904 MbrFix.exe
03/09/2011 06:07 PM 11,638 MbrFix.htm
09/03/2005 08:14 AM <DIR> Microdrive
07/16/2005 06:21 PM <DIR> MP3
03/07/2011 07:49 PM 606,076,928 NBRTPage.sys
08/04/2004 05:00 AM 47,564 NTDETECT.COM
04/08/2010 04:30 PM 250,048 ntldr
03/10/2011 10:03 AM <DIR> RECYCLER
02/02/2005 12:34 PM <DIR> System Volume Information
02/18/2006 05:00 PM <DIR> Temp
08/06/2008 01:24 PM <DIR> Temp movie
10/23/2006 11:41 AM <DIR> Wedding images
8 File(s) 606,510,986 bytes
12 Dir(s) 95,575,126,016 bytes free

< Dir /a D:\*.* /c >
Volume in drive D has no label.
Volume Serial Number is 412F-5471
Directory of D:\
08/09/2009 10:44 AM <DIR> FOUND.000
02/02/2005 12:42 PM 37 DISEBKUP.FLG
09/27/2009 07:55 PM 3,587 logfile
10/01/2009 05:52 PM <DIR> FOUND.001
10/04/2009 10:14 AM <DIR> FOUND.002
04/04/2010 09:49 AM <DIR> FOUND.003
03/07/2011 01:16 PM <DIR> NBRT
03/09/2011 12:04 PM <DIR> _OTL
08/11/2010 03:16 AM <DIR> FOUND.004
03/09/2011 12:23 PM 512 MBRDUMP2.txt
08/20/2010 06:31 PM <DIR> FOUND.005
08/27/2004 03:41 PM <DIR> WINDOWS
04/08/2010 04:30 PM 250,048 ntldr
08/04/2004 05:00 AM 47,564 NTDETECT.COM
08/27/2004 03:44 PM <DIR> Drivers
03/10/2011 12:20 PM 30 cmd.bat
02/08/2005 04:38 PM 211 boot.ini
08/27/2004 03:45 PM <DIR> Documents and Settings
08/27/2004 03:50 PM <DIR> Program Files
08/27/2004 03:51 PM 0 CONFIG.SYS
08/27/2004 03:51 PM 0 AUTOEXEC.BAT
08/27/2004 03:51 PM 0 IO.SYS
08/27/2004 03:51 PM 0 MSDOS.SYS
08/27/2004 03:55 PM <DIR> System Volume Information
03/09/2011 11:43 PM 153,108 OTL.Txt
09/20/2010 08:39 AM 123,904 MbrFix.exe
03/10/2011 12:20 PM 0 cmd.txt
08/27/2004 04:15 PM <DIR> Backup
08/27/2004 05:29 PM <DIR> Recycled
08/27/2004 05:31 PM <DIR> DISE
08/27/2004 05:31 PM <DIR> Techbox
11/07/2010 06:56 PM 1,072,480,256 hiberfil.sys
02/03/2005 06:31 AM 87,702 SIGVERIF.TXT
02/03/2005 06:31 AM 172 TOTALS.TXT
02/03/2005 06:31 AM 58,934 SIGNED.TXT
02/03/2005 06:31 AM 2 UNSIGNED.TXT
02/03/2005 06:31 AM 28,770 UNSCANNED.TXT
03/26/2005 02:44 PM <DIR> Demo Album
11/18/2005 12:21 PM 856 flashplayer.xpt
07/26/2008 11:18 AM <DIR> CPIC
09/03/2010 09:17 AM 1,579 IPH.PH
22 File(s) 1,073,237,272 bytes
19 Dir(s) 68,035,510,272 bytes free
< End of report >

#30
JSntgRvr

Posted 10 March 2011 - 11:40 AM

Global Moderator

Global Moderator
11,579 posts

Yes same results as before selected xp professional got out of range ! error
Tried xp default got file missing or corrupt
windows root>\system32\hal.ddl.

I don't understand the above. Lets try something else. Remove the hard drive you use as storage and leave the hard drive with the Operating System. Make sure the jumper is set to Master. Other than your USB, if there is another storage device, please remove it. Lets just work with the drive that has the Operating System,but set as Master.

Attempt to boot in Normal mode. Let me know of any errors. If unsuccessful, then run OTLPE as follows:

Restart the computer back to the OTLPE CD.

Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
- Change Drivers to All
- Change Standard Registry to All
- Under the Custom Scan box paste this in
  
  netsvcs
  set /c
  /md5start
  UXTHEME.DLL
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  Userinit.exe
  Explorer.exe
  Winlogon.exe
  Regedit.exe
  SCLWAPI.dll
  hal.dll
  /md5stop
  %SYSTEMDRIVE%\*.*
  %systemroot%\System32\config\*.sav
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive.
Please post the contents of the C:\OTL.txt file in your reply also.