
Inactive Blue Screen of Death - No Boot

Discussion in 'Malware and Virus Removal Archive' started by JimInWa, 2010/11/22.

  1. 2010/11/22
    JimInWa


    I did read the posted rules but, unfortunately, cannot run any of those programs as the computer will not boot. Upon trying to boot Windows XP I get a Blue Screen (Blue Screen of Death) stating "STOP: c000021a {Fatal System Error}".

    I did read through the forum here and found another similar problem from a couple weeks ago.

    Any help is appreciated.

    Thanks in advance,

    Jim


    I have downloaded and run the OTLPE program and will post the log below:

    OTL logfile created on: 11/22/2010 3:26:18 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.78 Gb Total Space | 12.07 Gb Free Space | 24.25% Space Free | Partition Type: NTFS
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2010/10/01 10:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/09/22 15:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2010/07/16 18:19:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/10 23:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/28 22:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2009/06/17 11:50:00 | 003,173,804 | ---- | M] (INCA Internet Co., Ltd.) [Disabled] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/19 14:28:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/10/21 00:18:26 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2008/08/11 15:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007/08/05 01:24:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/03/07 17:47:46 | 000,076,848 | ---- | M] () [Disabled] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva311.sys -- (XDva311)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva284.sys -- (XDva284)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva090.sys -- (XDva090)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva076.sys -- (XDva076)
    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | Auto] -- C:\WINDOWS\DellBIOS.Sys -- (DellBIOS)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/30 00:42:20 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/07/16 18:19:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/16 18:18:47 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/17 16:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (SSIDRV)
    DRV - [2010/06/17 16:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (SSFMONM)
    DRV - [2010/06/17 16:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (SSHRMD)
    DRV - [2010/06/02 10:52:31 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/09/28 22:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2008/08/11 15:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\lmirfsdriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 15:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/06 17:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcasp50.sys -- (PCASp50)
    DRV - [2008/01/03 18:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/06/27 11:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV - [2007/06/27 11:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV - [2007/05/04 18:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2007/05/04 18:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/04/05 17:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/23 21:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2006/10/13 01:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
    DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
    DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
    DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
    DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudfam.sys -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudf_m.sys -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaifs_m.sys -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaboiom.sys -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaopiom.sys -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlapoolm.sys -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dladresn.sys -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (DRVNDDM)
    DRV - [2005/08/04 20:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/14 03:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 02:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/12 04:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/04/09 12:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter(R)) Belkin Belkin 11Mbps Wireless USB Network Adapter(R)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2000/10/15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD A6 5F 3D BB D9 CA 01 [binary data]
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {0F8A37B0-7AA3-460B-89F6-9916330BA217}:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 13:50:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\Program Files\Flock\components
    FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 01:09:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 19:03:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/12 22:10:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/27 00:18:05 | 000,000,000 | ---D | M]

    [2009/05/22 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/05/22 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\odwc9r7b.default\extensions
    [2010/10/07 16:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2005/12/06 00:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/07/15 16:14:48 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2010/10/07 16:42:31 | 000,420,902 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14540 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\charles__e_hekking_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\LogMeInRemoteUser_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKU\charles__e_hekking_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\charles__e_hekking_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\charles__e_hekking_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LogMeInRemoteUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - Reg Error: Key error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208761101031 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\fcp {B3133379-8789-4d3c-9593-C205D7297501} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/03/25 20:43:32 | 000,000,038 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/24 12:23:03 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\charles e hekking\gotomypc_533.exe
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/22 18:18:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\lidahumu
    [2010/10/08 17:02:56 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2010/10/01 15:14:30 | 000,007,911 | ---- | C] () -- C:\Documents and Settings\Administrator\avgrep.txt
    [2010/09/04 15:46:06 | 022,091,048 | ---- | C] () -- C:\Documents and Settings\charles e hekking\cache.zip
    [2010/07/12 15:54:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex__preferences3.dat
    [2010/04/11 17:38:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\fusioncache.dat
    [2009/12/26 00:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
    [2009/09/04 01:24:40 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex_runescape_preferences2.dat
    [2009/08/06 12:32:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2009/07/21 19:20:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2009/07/12 16:47:41 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Nathan and Ross.txt
    [2009/01/16 19:04:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\InstLog.txt
    [2008/10/29 14:24:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\__ng3d.lock
    [2008/10/29 14:22:08 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\charles e hekking\RegnumOnline.ini
    [2008/07/22 10:43:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoPro.INI
    [2008/07/18 16:41:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
    [2008/07/15 22:15:48 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
    [2008/07/15 13:46:51 | 000,000,084 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
    [2008/07/15 13:18:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2008/07/15 13:18:02 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
    [2008/07/15 13:18:01 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
    [2008/07/15 13:18:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
    [2008/07/15 13:18:00 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
    [2008/07/15 13:17:59 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
    [2008/07/15 13:17:58 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
    [2008/07/15 13:17:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
    [2008/07/15 13:17:57 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2008/07/15 13:17:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2008/07/15 13:17:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2008/07/15 13:17:56 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2008/07/15 12:58:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
    [2008/07/15 12:57:36 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2008/07/15 12:57:34 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2008/07/12 21:01:03 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex_runescape_preferences.dat
    [2008/04/09 21:07:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/04/09 18:29:45 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2008/04/08 22:57:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/10 19:14:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/02/29 00:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
    [2008/02/16 18:12:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI
    [2007/12/23 17:59:06 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\charles e hekking\thread.log
    [2007/12/22 15:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/09/19 02:01:59 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\charles e hekking\FEAD_error.log
    [2007/09/06 16:48:15 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\charles e hekking\GoToAssistDownloadHelper.exe
    [2007/08/10 13:08:48 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2007/05/16 22:31:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/03/27 13:26:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2007/03/25 20:43:32 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
    [2007/03/25 20:43:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
    [2007/03/25 20:43:31 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
    [2007/03/25 20:43:12 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [2007/03/25 20:37:45 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
    [2007/03/25 20:37:44 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
    [2007/03/25 20:35:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
    [2007/03/25 20:35:20 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
    [2007/02/19 15:53:23 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/19 04:19:59 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\charles e hekking\network settingstvldge.txt
    [2007/02/18 00:25:49 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/02/14 16:18:00 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\charles e hekking\network code.txt
    [2007/01/23 15:39:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\ini.tpl
    [2006/10/16 11:03:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\dvd.bmk
    [2006/10/16 00:38:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
    [2006/10/16 00:38:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
    [2006/10/16 00:38:55 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
    [2006/10/16 00:38:55 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
    [2006/10/16 00:38:55 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
    [2006/10/16 00:38:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
    [2006/10/16 00:38:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
    [2006/10/16 00:38:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
    [2006/10/16 00:38:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
    [2006/09/02 19:30:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\PFP120JPR.{PB
    [2006/09/02 19:30:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\PFP120JCM.{PB
    [2006/08/04 23:51:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/07/25 20:25:09 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Local Settings\Application Data\fusioncache.dat
    [2006/07/25 20:24:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
    [2006/07/20 12:23:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/07/20 12:15:22 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/20 11:41:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/07/20 11:41:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/07/20 11:41:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/07/20 11:39:53 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 20:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:18:27 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/10/09 00:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\3DEE0F3070A86750A1D90801673AAEC5
    [2008/09/30 02:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Acclaim
    [2010/08/12 11:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\AnarchyScape
    [2008/08/22 07:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\AT&T
    [2009/01/26 15:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Canneverbe_Limited
    [2008/05/23 17:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\CDBurnerXP_Soft
    [2006/08/14 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\cehekk5
    [2009/06/30 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Command & Conquer 3 Tiberium Wars
    [2010/09/30 01:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DAEMON Tools Pro
    [2008/08/19 21:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DBUpdater
    [2010/01/17 01:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DNA
    [2008/09/16 15:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Flickr
    [2009/07/02 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Flock
    [2009/09/18 17:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Free Download Manager
    [2009/07/19 20:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\GarageGames
    [2009/09/08 13:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\GetRightToGo
    [2010/08/09 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\godzHell
    [2009/08/20 17:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\id Software
    [2009/08/06 12:32:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\charles e hekking\Application Data\ijjigame
    [2009/02/22 18:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\kantaris
    [2010/04/11 14:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Kontiki
    [2007/09/29 15:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Leadertech
    [2006/08/01 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\MSNInstaller
    [2009/02/22 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\OpenCandy
    [2010/08/07 20:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\PirateGalaxy
    [2008/02/29 02:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Secret of the Solstice
    [2007/02/20 00:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Serif
    [2008/08/19 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Sierra Wireless
    [2008/02/25 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Snapfish
    [2010/06/23 10:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Stamps.com Internet Postage
    [2007/12/21 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Thunderbird
    [2009/09/13 11:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Turbine
    [2010/08/10 14:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\twistedScape
    [2008/08/19 22:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

    ========== Purity Check ==========


    < End of report >
     
  2. 2010/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see anything malicious, but I can see this:
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    There are two possibilities here.
    Either the registry value got messed up, or explorer.exe is missing from its correct location.

    Let's try to fix registry key first and we'll see how it goes.

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva311.sys -- (XDva311)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva284.sys -- (XDva284)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva090.sys -- (XDva090)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\XDva076.sys -- (XDva076)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\LogMeInRemoteUser_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O9 - Extra Button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - Reg Error: Key error. File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\fcp {B3133379-8789-4d3c-9593-C205D7297501} - Reg Error: Key error. File not found
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\lidahumu
    [2010/10/09 00:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\3DEE0F3070A86750A1D90801673AAEC5
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe"
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into windows.
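
The `File not found` Shell line quoted in the post above, and entries such as the hidden `2099/01/01` file that ends up in the fix script, are the kind of lines that can be picked out of an OTL log mechanically. The following is an added example, not part of the original posts and not part of OTL; the rule names and the one-day clock-skew tolerance are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the OTLPE log posted earlier in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
[2010/11/22 18:18:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\lidahumu
[2010/10/08 17:02:56 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2007/02/18 00:25:49 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
"""

# Scan time from the log header ("OTL logfile created on: 11/22/2010 3:26:18 PM").
SCAN_TIME = datetime(2010, 11, 22, 15, 26, 18)

# The boot CD's clock and time zone can differ from the installed system's:
# bootstat.dat above is stamped about three hours after the scan header time.
# Assumed tolerance so that ordinary skew is not reported as a future date.
CLOCK_SKEW = timedelta(days=1)

# "[timestamp | size | attributes | C/M] (company) -- path"; the company part
# is empty "()" for unsigned files and absent on directory (LOP) lines.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

# "O20 - HKLM Winlogon: <value name> - (<value data>) - <resolved file or status>"
WINLOGON_RE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<name>\w+) - \((?P<value>.*?)\) - (?P<status>.*)$"
)


def triage(log_text, scan_time, skew=CLOCK_SKEW):
    """Return (rule, subject, reason) tuples for log lines that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = WINLOGON_RE.match(line)
        if m:
            # A Winlogon value whose target cannot be resolved: either the
            # value data is damaged or the file is missing from disk.
            if "file not found" in m["status"].lower():
                findings.append((
                    "winlogon-target-missing",
                    f"{m['name']}={m['value']}",
                    "Winlogon value points at a file the scanner could not find",
                ))
            continue

        m = FILE_RE.match(line)
        if not m:
            continue

        path = m["path"]
        stamp = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")

        # Timestamps far beyond the scan time cannot come from normal use.
        if stamp > scan_time + skew:
            findings.append((
                "future-timestamp",
                path,
                f"timestamp {m['ts']} is later than the scan time",
            ))

        # Hidden file with no version-info company name inside System32.
        hidden = "H" in m["attrs"]
        no_company = not (m["company"] or "").strip()
        in_system32 = "\\windows\\system32\\" in path.lower()
        if hidden and no_company and in_system32:
            findings.append((
                "hidden-no-company",
                path,
                f"attributes {m['attrs']}, no company name, under System32",
            ))
    return findings


if __name__ == "__main__":
    for rule, subject, reason in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{rule:26} {subject}  ({reason})")
```

A flag here is a prompt for manual review, not a verdict: `KGyGaAvL.sys` is flagged by the hidden-file rule but is not among the entries in the fix script above.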
     

  4. 2010/11/22
    JimInWa

    JimInWa Inactive Thread Starter

    Joined:
    2010/11/22
    Messages:
    7
    Likes Received:
    0
    Ok, I ran the OTLPE program with the Fix.txt as you presented here and the following is the log it produced.

    Upon rebooting the computer, it only booted to the same point and gave the blue screen again.

    ------ Fix.log below ---

    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\XDva311 deleted successfully.
    File C:\WINDOWS\System32\XDva311.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\XDva284 deleted successfully.
    File C:\WINDOWS\System32\XDva284.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\XDva090 deleted successfully.
    File C:\WINDOWS\System32\XDva090.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\XDva076 deleted successfully.
    File C:\WINDOWS\System32\XDva076.sys not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EagleNT deleted successfully.
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02011FE3-C22B-451d-9A25-BF4DBB38B8E7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02011FE3-C22B-451d-9A25-BF4DBB38B8E7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\fcp\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3133379-8789-4d3c-9593-C205D7297501}\ not found.
    File {B3133379-8789-4d3c-9593-C205D7297501} - Reg Error: Key error. File not found not found.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\WINDOWS\System32\SET48.tmp deleted successfully.
    C:\WINDOWS\System32\SET49.tmp deleted successfully.
    C:\WINDOWS\System32\SET7E.tmp deleted successfully.
    C:\WINDOWS\System32\SET83.tmp deleted successfully.
    C:\WINDOWS\002875_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\system32\lidahumu moved successfully.
    Folder C:\Documents and Settings\charles e hekking\Application Data\3DEE0F3070A86750A1D90801673AAEC5\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\ "Shell "| "Explorer.exe" /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 1204076 bytes
    ->Temporary Internet Files folder emptied: 162952 bytes
    ->FireFox cache emptied: 2929835 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Application Data

    User: charles e hekking
    ->Temp folder emptied: 17527262 bytes
    ->Temporary Internet Files folder emptied: 459783 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 130494512 bytes
    ->Flash cache emptied: 47797 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 11529133 bytes
    ->FireFox cache emptied: 2685767 bytes
    ->Flash cache emptied: 3820 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41620 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 5416814 bytes
    ->Flash cache emptied: 5000 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 588501 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 59151 bytes

    Total Files Cleaned = 165.00 mb


    OTLPE by OldTimer - Version 3.1.43.0 log created on 11222010_163133
     
  5. 2010/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Boot from OTLPE CD again....

    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Under the Custom Scan box paste this in:

      /md5start
      explorer.exe
      /md5stop

    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  6. 2010/11/22
    JimInWa

    JimInWa Inactive Thread Starter

    Joined:
    2010/11/22
    Messages:
    7
    Likes Received:
    0
    Here is the log for the scan with the /md5start, etc.... as you requested.


    OTL logfile created on: 11/22/2010 4:56:19 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 49.78 Gb Total Space | 12.24 Gb Free Space | 24.59% Space Free | Partition Type: NTFS
    Drive D: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.71% Space Free | Partition Type: FAT
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet003

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2010/10/01 10:01:45 | 003,066,528 | ---- | M] (Webroot Software, Inc. ) [Auto] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/09/22 15:41:50 | 003,872,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
    SRV - [2010/07/16 18:19:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/10 23:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/09/28 22:34:22 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2009/06/17 11:50:00 | 003,173,804 | ---- | M] (INCA Internet Co., Ltd.) [Disabled] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2009/02/19 14:28:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/10/21 00:18:26 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2008/08/11 15:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007/08/05 01:24:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/03/07 17:47:46 | 000,076,848 | ---- | M] () [Disabled] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Disabled] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\PCTINDIS5.SYS -- (PCTINDIS5)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Auto] -- C:\WINDOWS\DellBIOS.Sys -- (DellBIOS)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\CHARLE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/30 00:42:20 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/07/16 18:19:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/16 18:18:47 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/17 16:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (SSIDRV)
    DRV - [2010/06/17 16:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto] -- C:\WINDOWS\system32\drivers\ssfmonm.sys -- (SSFMONM)
    DRV - [2010/06/17 16:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (SSHRMD)
    DRV - [2010/06/02 10:52:31 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/09/28 22:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2008/08/11 15:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\lmirfsdriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 15:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/03/06 17:57:32 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pcasp50.sys -- (PCASp50)
    DRV - [2008/01/03 18:21:32 | 000,026,504 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/06/27 11:42:34 | 000,073,856 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
    DRV - [2007/06/27 11:41:48 | 000,101,248 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)
    DRV - [2007/05/04 18:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2007/05/04 18:54:08 | 000,022,528 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/04/05 17:04:16 | 000,017,920 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2007/02/25 14:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/01/23 21:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2006/10/13 01:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
    DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand] -- C:\Program Files\DellSupport\GTAction\triggers\dsproct.sys -- (DSproct)
    DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/03/08 11:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
    DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
    DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
    DRV - [2005/10/17 20:50:06 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
    DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudfam.sys -- (DLAUDFAM)
    DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaudf_m.sys -- (DLAUDF_M)
    DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaifs_m.sys -- (DLAIFS_M)
    DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaboiom.sys -- (DLABOIOM)
    DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlaopiom.sys -- (DLAOPIOM)
    DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dlapoolm.sys -- (DLAPoolM)
    DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\dladresn.sys -- (DLADResN)
    DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (DRVNDDM)
    DRV - [2005/08/04 20:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2005/07/14 03:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 02:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/12 04:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/04/09 12:29:18 | 000,101,099 | ---- | M] (Belkin Components ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bkusbxp.sys -- (Belkin Belkin 11Mbps Wireless USB Network Adapter(R)) Belkin Belkin 11Mbps Wireless USB Network Adapter(R)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2000/10/15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD A6 5F 3D BB D9 CA 01 [binary data]
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\charles__e_hekking_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {0F8A37B0-7AA3-460B-89F6-9916330BA217}:1.0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 13:50:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\Program Files\Flock\components
    FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\Program Files\Flock\plugins
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/30 01:09:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/11 19:03:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/07/12 22:10:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/27 00:18:05 | 000,000,000 | ---D | M]

    [2009/05/22 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/05/22 18:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\odwc9r7b.default\extensions
    [2010/10/07 16:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2005/12/06 00:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/07/15 16:14:48 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2010/10/07 16:42:31 | 000,420,902 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 14540 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\charles__e_hekking_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
    O4 - HKU\charles__e_hekking_ON_C..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\charles__e_hekking_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\charles__e_hekking_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools: = 0
    O7 - HKU\charles__e_hekking_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\DisableRegistryTools\ShowInfoTip: = 0
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LogMeInRemoteUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208761101031 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab (NeffyLauncherCtl Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantaction.com/download/iaplayer.cab (InstantAction Game Launcher)
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx (Persits Software XUpload)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/03/25 20:43:32 | 000,000,038 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/22 16:31:33 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/24 12:23:03 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\charles e hekking\gotomypc_533.exe

    ========== Files - Modified Within 30 Days ==========

    [2010/11/22 19:34:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    ========== Files Created - No Company Name ==========

    [2010/10/08 17:02:56 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2010/10/01 15:14:30 | 000,007,911 | ---- | C] () -- C:\Documents and Settings\Administrator\avgrep.txt
    [2010/09/04 15:46:06 | 022,091,048 | ---- | C] () -- C:\Documents and Settings\charles e hekking\cache.zip
    [2010/07/12 15:54:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex__preferences3.dat
    [2010/04/11 17:38:24 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\fusioncache.dat
    [2009/12/26 00:45:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
    [2009/09/04 01:24:40 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex_runescape_preferences2.dat
    [2009/08/06 12:32:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
    [2009/07/21 19:20:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2009/07/12 16:47:41 | 000,002,261 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Nathan and Ross.txt
    [2009/01/16 19:04:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\InstLog.txt
    [2008/10/29 14:24:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\__ng3d.lock
    [2008/10/29 14:22:08 | 000,000,587 | ---- | C] () -- C:\Documents and Settings\charles e hekking\RegnumOnline.ini
    [2008/07/22 10:43:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoPro.INI
    [2008/07/18 16:41:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\install.dll
    [2008/07/15 22:15:48 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
    [2008/07/15 13:46:51 | 000,000,084 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
    [2008/07/15 13:18:05 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2008/07/15 13:18:02 | 001,052,672 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P5.dll
    [2008/07/15 13:18:01 | 001,261,568 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M6.dll
    [2008/07/15 13:18:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2A6.dll
    [2008/07/15 13:18:00 | 001,228,800 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2M5.dll
    [2008/07/15 13:17:59 | 001,093,632 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2PX.dll
    [2008/07/15 13:17:58 | 001,105,920 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2P6.dll
    [2008/07/15 13:17:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\MGIIpl2.dll
    [2008/07/15 13:17:57 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2008/07/15 13:17:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2008/07/15 13:17:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2008/07/15 13:17:56 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2008/07/15 12:58:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PretzelSpellCheck.dll
    [2008/07/15 12:57:36 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2008/07/15 12:57:34 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2008/07/12 21:01:03 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\charles e hekking\jagex_runescape_preferences.dat
    [2008/04/09 21:07:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2008/04/09 18:29:45 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
    [2008/04/08 22:57:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/10 19:14:25 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/02/29 00:01:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\TDH_Launcher.ini
    [2008/02/16 18:12:28 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Edofma.INI
    [2007/12/23 17:59:06 | 000,000,594 | ---- | C] () -- C:\Documents and Settings\charles e hekking\thread.log
    [2007/12/22 15:03:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/09/19 02:01:59 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\charles e hekking\FEAD_error.log
    [2007/09/06 16:48:15 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\charles e hekking\GoToAssistDownloadHelper.exe
    [2007/08/10 13:08:48 | 000,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
    [2007/05/16 22:31:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2007/03/27 13:26:59 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2007/03/25 20:43:32 | 000,000,605 | ---- | C] () -- C:\WINDOWS\PCalcpro.ini
    [2007/03/25 20:43:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS\asc_sys.ini
    [2007/03/25 20:43:31 | 000,000,182 | ---- | C] () -- C:\WINDOWS\medlrng.ini
    [2007/03/25 20:43:12 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
    [2007/03/25 20:37:45 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\iprocnt.dll
    [2007/03/25 20:37:44 | 000,050,688 | ---- | C] () -- C:\WINDOWS\System32\iproc.dll
    [2007/03/25 20:35:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\twdll.dll
    [2007/03/25 20:35:20 | 000,000,134 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
    [2007/02/19 15:53:23 | 000,160,256 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/02/19 04:19:59 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\charles e hekking\network settingstvldge.txt
    [2007/02/18 00:25:49 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/02/14 16:18:00 | 000,000,092 | ---- | C] () -- C:\Documents and Settings\charles e hekking\network code.txt
    [2007/01/23 15:39:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\charles e hekking\ini.tpl
    [2006/10/16 11:03:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\dvd.bmk
    [2006/10/16 00:38:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
    [2006/10/16 00:38:59 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
    [2006/10/16 00:38:55 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
    [2006/10/16 00:38:55 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
    [2006/10/16 00:38:55 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
    [2006/10/16 00:38:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
    [2006/10/16 00:38:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
    [2006/10/16 00:38:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
    [2006/10/16 00:38:54 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
    [2006/09/02 19:30:31 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\PFP120JPR.{PB
    [2006/09/02 19:30:31 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Application Data\PFP120JCM.{PB
    [2006/08/04 23:51:42 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/07/25 20:25:09 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\charles e hekking\Local Settings\Application Data\fusioncache.dat
    [2006/07/25 20:24:53 | 000,000,136 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
    [2006/07/20 12:23:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/07/20 12:15:22 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/07/20 11:41:33 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2006/07/20 11:41:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2006/07/20 11:41:08 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2006/07/20 11:39:53 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/16 20:52:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/16 04:18:27 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/10/09 00:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\3DEE0F3070A86750A1D90801673AAEC5
    [2008/09/30 02:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Acclaim
    [2010/08/12 11:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\AnarchyScape
    [2008/08/22 07:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\AT&T
    [2009/01/26 15:32:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Canneverbe_Limited
    [2008/05/23 17:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\CDBurnerXP_Soft
    [2006/08/14 19:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\cehekk5
    [2009/06/30 22:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Command & Conquer 3 Tiberium Wars
    [2010/09/30 01:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DAEMON Tools Pro
    [2008/08/19 21:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DBUpdater
    [2010/01/17 01:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\DNA
    [2008/09/16 15:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Flickr
    [2009/07/02 14:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Flock
    [2009/09/18 17:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Free Download Manager
    [2009/07/19 20:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\GarageGames
    [2009/09/08 13:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\GetRightToGo
    [2010/08/09 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\godzHell
    [2009/08/20 17:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\id Software
    [2009/08/06 12:32:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\charles e hekking\Application Data\ijjigame
    [2009/02/22 18:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\kantaris
    [2010/04/11 14:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Kontiki
    [2007/09/29 15:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Leadertech
    [2006/08/01 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\MSNInstaller
    [2009/02/22 18:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\OpenCandy
    [2010/08/07 20:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\PirateGalaxy
    [2008/02/29 02:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Secret of the Solstice
    [2007/02/20 00:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Serif
    [2008/08/19 21:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Sierra Wireless
    [2008/02/25 12:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Snapfish
    [2010/06/23 10:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Stamps.com Internet Postage
    [2007/12/21 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Thunderbird
    [2009/09/13 11:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\Turbine
    [2010/08/10 14:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\charles e hekking\Application Data\twistedScape
    [2008/08/19 22:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile

    ========== Purity Check ==========



    ========== Custom Scans ==========



    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    < End of report >
     
  7. 2010/11/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Shell"="Explorer.exe"
    
    :Files
    C:\Windows\explorer.exe|C:\WINDOWS\ERDNT\cache\explorer.exe /replace
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  8. 2010/11/23
    JimInWa

    Ok, I ran the Fix.txt as above. The log file upon rebooting is below. Trying to boot normally produces the same result of the blue screen.

    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"Explorer.exe" /E : value set successfully!
    ========== FILES ==========
    File C:\Windows\explorer.exe successfully replaced with C:\WINDOWS\ERDNT\cache\explorer.exe
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Application Data

    User: charles e hekking
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    OTLPE by OldTimer - Version 3.1.43.0 log created on 11222010_212657

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  9. 2010/11/23
    broni

    What was the very last thing you were doing before the problem started?
    Did you try to boot to Safe Mode?
     
  10. 2010/11/23
    JimInWa

    The last thing that was done was scanning the computer with MalwareBytes. We scanned with AVG, CCleaner and MalwareBytes. MalwareBytes was used last as it said there was one item left to be removed. Scanning was done in safe mode.
     
  11. 2010/11/23
    broni

    Did you try to start in Safe Mode now?
    Did you try "Last Known Good Configuration"?
     
  12. 2010/11/23
    JimInWa

    Yes, I have tried booting in Safe Mode and Last Known Good Configuration. I think it will come down to trying to find the data on the machine I want to keep and doing a fresh install, though I was hoping that it could be recovered to boot up and then back up those things.

    Sounds like a long holiday weekend project.
     
  13. 2010/11/23
    broni

  14. 2010/11/23
    JimInWa

    Thank you Broni, I appreciate the effort and help. I will let you know what happens.

    Have a great Thanksgiving!

    Jim
     
  15. 2010/11/23
    broni

    Same to you :)
     
