
Inactive Computer not booting right

Discussion in 'Malware and Virus Removal Archive' started by fastirwin, 2011/03/10.

  1. 2011/03/10
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    [Inactive] Computer not booting right

    Think I may have a virus. Windows XP computer: it boots through the Windows XP loading screen, then goes blank. After a hard boot it boots through and loads Windows, but the internet doesn't work and Network Connections is not responding. Please offer suggestions.
     
  2. 2011/03/10
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2011/03/10
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    I can't boot the computer properly to follow those steps. Can you please suggest how to run some kind of "recovery" to get Windows to boot properly first?
     
  5. 2011/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    I'm not sure if we're dealing with an infection here, but we can take a look...

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (file size 120.9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  6. 2011/03/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    Here is the log. It looks like there are some helpful tools on this CD you had me burn! Hoping maybe we can use something to fix/recover the disk?


    OTL logfile created on: 3/11/2011 10:00:43 AM - Run
    OTLPE by OldTimer - Version 3.1.45.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 93.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
    Drive C: | 1397.26 Gb Total Space | 934.21 Gb Free Space | 66.86% Space Free | Partition Type: NTFS
    Drive D: | 127.99 Gb Total Space | 67.16 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
    Drive E: | 104.89 Gb Total Space | 81.83 Gb Free Space | 78.01% Space Free | Partition Type: NTFS
    Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========
    SRV - File not found [Disabled] -- -- (HidServ)
    SRV - File not found [On_Demand] -- -- (AppMgmt)
    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto] -- D:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/11/29 21:05:04 | 000,112,640 | ---- | M] (ZeroG Software) [On_Demand] -- D:\Program Files\Belkin Automatic Power Management Software\BelkinAPMRMI.exe -- (BelkinAPMRMI)
    SRV - [2008/11/29 21:05:04 | 000,112,640 | ---- | M] (ZeroG Software) [On_Demand] -- D:\Program Files\Belkin Automatic Power Management Software\BelkinAPMmonitor.exe -- (BelkinAPMmonitor)
    SRV - [2008/11/29 21:05:04 | 000,112,640 | ---- | M] (ZeroG Software) [On_Demand] -- D:\Program Files\Belkin Automatic Power Management Software\BelkinAPMmanager.exe -- (BelkinAPMmanager)
    SRV - [2008/11/29 21:05:04 | 000,112,640 | ---- | M] (ZeroG Software) [Auto] -- D:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe -- (BelkinAPM)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/02/06 16:50:48 | 000,331,870 | ---- | M] (Check Point Software Technologies) [Auto] -- D:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
    SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand] -- D:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2004/03/31 03:00:00 | 000,045,056 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto] -- D:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto] -- D:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/10 07:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/25 17:31:32 | 000,252,416 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
    DRV - [2008/07/01 11:12:32 | 000,398,720 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/01/07 00:11:45 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- D:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2007/09/13 20:41:28 | 000,051,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
    DRV - [2007/09/13 20:41:20 | 000,014,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
    DRV - [2007/09/13 20:41:02 | 000,029,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
    DRV - [2007/09/13 20:40:54 | 000,019,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
    DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- D:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
    DRV - [2007/08/07 04:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2007/06/13 10:47:12 | 000,048,256 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2007/02/06 16:50:48 | 000,110,160 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\vna.sys -- (VNA)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2004/09/27 12:51:48 | 000,073,216 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
    DRV - [2004/03/31 03:00:00 | 000,020,992 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot] -- D:\WINDOWS\system32\drivers\DigiFilter.sys -- (DigiFilter)
    DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
    DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
    DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
    DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
    DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\LocalService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\Ryan_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\Ryan_ON_D\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\Ryan_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
    FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
    FF - prefs.js..extensions.enabledItems: firefox@1passwd.com:1.0.3.165


    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/04 22:25:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 13:42:51 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 13:42:51 | 000,000,000 | ---D | M]

    [2011/01/05 00:11:52 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
    [2011/03/07 20:02:42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions
    [2011/01/05 00:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/07 20:02:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/01/17 18:18:15 | 000,000,000 | ---D | M] ( "MultirowBookmarksToolbar ") -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2011/01/11 10:44:25 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\ALone-live@ya.ru
    [2011/01/11 10:42:59 | 000,000,000 | ---D | M] ( "Xmarks ") -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\foxmarks@kei.com
    [2011/01/18 12:11:36 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- D:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\ntik2aj7.default\extensions\smartbookmarksbar@remy.juteau
    [2011/03/07 19:09:48 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
    [2011/03/07 19:09:48 | 000,000,000 | ---D | M] (Skype extension) -- D:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2011/01/08 12:08:51 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NTIK2AJ7.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NTIK2AJ7.DEFAULT\EXTENSIONS\FOXMARKS@KEI.COM
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NTIK2AJ7.DEFAULT\EXTENSIONS\SMARTBOOKMARKSBAR@REMY.JUTEAU
    File not found (No name found) -- C:\PROGRAM FILES\1PASSWORD\FIREFOX@1PASSWD.COM
    File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\npmozax.dll

    O1 HOSTS File: ([2011/01/07 12:12:15 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - D:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [36X Raid Configurer] D:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
    O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [EPSON Stylus Photo R220 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [VMonitorVMUVC] D:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
    O4 - HKU\Ryan_ON_D..\Run: [Audiogalaxy] D:\Documents and Settings\Ryan\Local Settings\Application Data\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
    O4 - HKU\Ryan_ON_D..\Run: [Messenger (Yahoo!)] D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] D:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - HKU\Administrator_ON_D..\RunOnce: [NeroHomeFirstStart] File not found
    O4 - Startup: D:\Documents and Settings\Ryan\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Administrator_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Ryan_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Ryan_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\Ryan_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\Ryan_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - D:\Program Files\1Password\Agile1pIE.dll (Agile Web Solutions)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://framnotes02.insideidc.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1199679526744 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199679506260 (MUWebControl Class)
    O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab (EZTwainX by Dosadi)
    O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://framnotes02.insideidc.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://framnotes02.insideidc.com/dwa7W.cab (Domino Web Access 7 Control)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - D:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/07 11:49:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk /r \??\H:) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/11 09:56:02 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
    [2011/03/11 09:56:02 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
    [2011/03/11 09:56:02 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
    [2011/03/11 09:56:02 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
    [2011/03/11 09:56:02 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
    [2011/03/08 12:12:01 | 000,000,000 | -HSD | C] -- D:\Config.Msi
    [2011/03/07 20:03:04 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ryan\Local Settings\Application Data\Yahoo
    [2011/03/07 20:01:16 | 000,000,000 | ---D | C] -- D:\Program Files\Yahoo!
    [2011/03/07 20:00:56 | 000,418,616 | ---- | C] (Yahoo! Inc.) -- D:\Documents and Settings\Ryan\Desktop\msgr10us.exe
    [2011/03/07 19:15:01 | 000,000,000 | ---D | C] -- D:\WINDOWS\VMUVC
    [2011/03/07 19:15:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\vfwwdm32.dll
    [2011/03/07 19:15:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ksxbar.ax
    [2011/03/07 19:15:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\vidcap.ax
    [2011/03/07 19:14:58 | 000,091,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kswdmcap.ax
    [2011/03/07 19:14:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\kstvtune.ax
    [2011/03/07 19:14:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ksuser.dll
    [2011/03/07 19:14:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\ks.sys
    [2011/03/07 19:14:56 | 000,129,536 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ksproxy.ax
    [2011/03/07 19:14:53 | 000,516,096 | ---- | C] (vimicro) -- D:\WINDOWS\System32\VMUVC.ax
    [2011/03/07 19:14:53 | 000,398,720 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\drivers\vvftUVC.sys
    [2011/03/07 19:14:53 | 000,252,416 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\drivers\VMUVC.sys
    [2011/03/07 19:14:53 | 000,188,416 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\vvftUVC.ax
    [2011/03/07 19:14:53 | 000,098,304 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\VMCtrl.ax
    [2011/03/07 19:14:53 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- D:\WINDOWS\System32\VvFtCtrl.dll
    [2011/03/07 19:14:53 | 000,073,728 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\exvmuvc.ax
    [2011/03/07 19:14:53 | 000,011,776 | ---- | C] (Vimicro Corporation) -- D:\WINDOWS\System32\VMUVC.dll
    [2011/03/07 19:14:49 | 000,319,456 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\DIFxAPI.dll
    [2011/03/07 19:14:42 | 000,000,000 | ---D | C] -- D:\Program Files\Vimicro Corporation
    [2011/03/07 19:14:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ryan\My Documents\webcam
    [2011/03/07 19:14:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Ryan\My Documents\New Folder
    [2011/03/07 19:09:27 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Skype
    [2011/03/07 19:09:22 | 000,000,000 | R--D | C] -- D:\Program Files\Skype
    [2011/03/07 19:05:06 | 000,005,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mstee.sys
    [2011/03/07 19:05:02 | 000,010,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndisip.sys
    [2011/03/07 19:05:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\ipsink.ax
    [2011/03/07 19:05:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ipsink.ax
    [2011/03/07 19:05:00 | 000,015,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\streamip.sys
    [2011/03/07 19:04:58 | 000,011,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\slip.sys
    [2011/03/07 19:04:55 | 000,019,200 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wstcodec.sys
    [2011/03/07 19:04:53 | 000,085,248 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\nabtsfec.sys
    [2011/03/07 19:04:50 | 000,017,024 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ccdecode.sys
    [2011/03/07 19:04:44 | 001,029,000 | ---- | C] (Skype Technologies S.A.) -- D:\Documents and Settings\Ryan\Desktop\SkypeSetup.exe
    [2011/03/07 19:01:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kswdmcap.ax
    [2011/03/07 19:01:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kstvtune.ax
    [2011/03/07 19:01:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\vfwwdm32.dll
    [2011/03/07 19:01:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ksxbar.ax
    [2011/03/07 19:01:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dshowext.ax
    [2011/03/07 19:01:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dshowext.ax
    [2011/02/22 20:38:31 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
    [1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/11 09:58:05 | 000,000,435 | ---- | M] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/11 09:56:48 | 000,000,079 | ---- | M] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/03/11 09:33:20 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
    [2011/03/10 17:10:05 | 000,000,974 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1284227242-725345543-1004UA.job
    [2011/03/10 16:40:57 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
    [2011/03/10 15:10:30 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
    [2011/03/10 11:51:08 | 000,000,310 | ---- | M] () -- D:\WINDOWS\tasks\Orb Index when idle.job
    [2011/03/10 10:10:00 | 000,000,922 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-1284227242-725345543-1004Core.job
    [2011/03/08 14:01:03 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/08 12:19:41 | 000,000,000 | ---- | M] () -- D:\WINDOWS\lgfwup.ini
    [2011/03/08 07:00:02 | 000,000,476 | ---- | M] () -- D:\WINDOWS\tasks\SyncBackSE M Partition to E (Seagate).job
    [2011/03/07 20:00:55 | 000,418,616 | ---- | M] (Yahoo! Inc.) -- D:\Documents and Settings\Ryan\Desktop\msgr10us.exe
    [2011/03/07 19:10:24 | 000,000,048 | -H-- | M] () -- D:\WINDOWS\System32\ezsidmv.dat
    [2011/03/07 19:09:34 | 057,078,909 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\WCF2000HD.zip
    [2011/03/07 19:04:46 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- D:\Documents and Settings\Ryan\Desktop\SkypeSetup.exe
    [2011/03/02 03:10:31 | 000,002,277 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\Google Chrome.lnk
    [2011/02/28 17:41:22 | 000,001,409 | ---- | M] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PE Media.lnk
    [2011/02/26 21:55:23 | 000,111,900 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\erin 2009 taxes.PDF
    [2011/02/22 20:37:07 | 000,082,861 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] Neil_Young.torrent
    [2011/02/22 20:36:02 | 000,044,752 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] The New Pornographers - Together [mp3-vbr-2010].torrent
    [2011/02/22 20:33:49 | 000,051,800 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] Bryan Ferry & Roxy Music - Discography (24 albums-1972 - 2007).torrent
    [2011/02/21 13:02:27 | 000,079,204 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\extron front.jpg
    [2011/02/21 13:02:19 | 000,226,469 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\extron back.jpg
    [2011/02/20 17:02:37 | 000,044,155 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\gucci serial.jpg
    [2011/02/20 17:02:29 | 000,031,036 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\gucci front.jpg
    [2011/02/20 16:48:45 | 000,124,754 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK Serial.jpg
    [2011/02/20 16:48:19 | 000,115,321 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK front.jpg
    [2011/02/20 16:42:41 | 000,112,628 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK Back.jpg
    [2011/02/20 16:31:12 | 000,067,783 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\CP2E Front.jpg
    [2011/02/20 16:29:45 | 000,108,951 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\CP2E serial.jpg
    [2011/02/20 16:27:29 | 000,110,684 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\cp2E back.jpg
    [2011/02/20 16:15:43 | 000,319,187 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\cntrl block front.jpg
    [2011/02/20 16:10:21 | 000,116,469 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\cntblock serial.jpg
    [2011/02/20 16:04:11 | 000,109,427 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crown serial 2.jpg
    [2011/02/20 15:58:09 | 000,100,418 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crown serial 1.jpg
    [2011/02/20 15:54:17 | 000,195,476 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\furman serial.jpg
    [2011/02/20 15:50:13 | 000,103,145 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crestron eq serial.jpg
    [2011/02/20 15:49:08 | 000,420,264 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\Crestron EQ front.jpg
    [2011/02/20 15:48:10 | 000,286,463 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crestron eq back.jpg
    [2011/02/20 15:37:54 | 000,010,793 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\31E1XQ28VHL._SL500_AA300_.jpg
    [2011/02/20 15:35:11 | 000,118,073 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\furman back.jpg
    [2011/02/20 15:32:56 | 000,273,916 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\IMAG0016.jpg
    [2011/02/20 15:32:56 | 000,273,916 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\Furman Pro.jpg
    [2011/02/20 15:32:36 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
    [2011/02/20 14:56:10 | 000,113,202 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\coffee table.jpg
    [2011/02/20 14:49:04 | 000,164,767 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crown back.jpg
    [2011/02/20 14:48:22 | 000,115,119 | ---- | M] () -- D:\Documents and Settings\Ryan\Desktop\crown front.jpg
    [2011/02/13 03:19:03 | 000,157,160 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/11 09:58:05 | 000,000,435 | ---- | C] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/11 09:56:48 | 000,000,079 | ---- | C] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/03/11 09:56:03 | 000,001,409 | ---- | C] () -- B:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows PE Media.lnk
    [2011/03/08 12:19:41 | 000,000,000 | ---- | C] () -- D:\WINDOWS\lgfwup.ini
    [2011/03/07 19:10:24 | 000,000,048 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
    [2011/03/07 19:03:33 | 057,078,909 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\WCF2000HD.zip
    [2011/02/26 22:01:44 | 000,111,900 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\erin 2009 taxes.PDF
    [2011/02/22 20:37:09 | 000,082,861 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] Neil_Young.torrent
    [2011/02/22 20:36:04 | 000,044,752 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] The New Pornographers - Together [mp3-vbr-2010].torrent
    [2011/02/22 20:33:52 | 000,051,800 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\[isoHunt] Bryan Ferry & Roxy Music - Discography (24 albums-1972 - 2007).torrent
    [2011/02/21 13:02:30 | 000,079,204 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\extron front.jpg
    [2011/02/21 13:02:23 | 000,226,469 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\extron back.jpg
    [2011/02/20 17:02:41 | 000,044,155 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\gucci serial.jpg
    [2011/02/20 17:02:32 | 000,031,036 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\gucci front.jpg
    [2011/02/20 16:48:53 | 000,124,754 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK Serial.jpg
    [2011/02/20 16:48:29 | 000,115,321 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK front.jpg
    [2011/02/20 16:42:51 | 000,112,628 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\CNXRMAK Back.jpg
    [2011/02/20 16:31:18 | 000,067,783 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\CP2E Front.jpg
    [2011/02/20 16:29:51 | 000,108,951 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\CP2E serial.jpg
    [2011/02/20 16:27:33 | 000,110,684 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\cp2E back.jpg
    [2011/02/20 16:15:48 | 000,319,187 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\cntrl block front.jpg
    [2011/02/20 16:10:43 | 000,116,469 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\cntblock serial.jpg
    [2011/02/20 16:04:19 | 000,109,427 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crown serial 2.jpg
    [2011/02/20 15:58:15 | 000,100,418 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crown serial 1.jpg
    [2011/02/20 15:54:22 | 000,195,476 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\furman serial.jpg
    [2011/02/20 15:50:19 | 000,103,145 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crestron eq serial.jpg
    [2011/02/20 15:49:08 | 000,420,264 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\Crestron EQ front.jpg
    [2011/02/20 15:48:16 | 000,286,463 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crestron eq back.jpg
    [2011/02/20 15:37:56 | 000,010,793 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\31E1XQ28VHL._SL500_AA300_.jpg
    [2011/02/20 15:35:14 | 000,118,073 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\furman back.jpg
    [2011/02/20 15:32:56 | 000,273,916 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\IMAG0016.jpg
    [2011/02/20 15:32:56 | 000,273,916 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\Furman Pro.jpg
    [2011/02/20 14:56:14 | 000,113,202 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\coffee table.jpg
    [2011/02/20 14:49:11 | 000,164,767 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crown back.jpg
    [2011/02/20 14:48:27 | 000,115,119 | ---- | C] () -- D:\Documents and Settings\Ryan\Desktop\crown front.jpg
    [2010/04/12 16:17:06 | 000,000,095 | ---- | C] () -- D:\WINDOWS\ParrotFlashWiz.INI
    [2009/12/28 10:58:44 | 000,003,065 | ---- | C] () -- D:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
    [2009/12/28 10:54:49 | 000,652,152 | ---- | C] () -- D:\WINDOWS\System32\SpoonUninstall.exe
    [2009/02/16 18:12:41 | 000,000,256 | ---- | C] () -- D:\WINDOWS\System32\pool.bin
    [2008/11/29 21:05:08 | 000,056,320 | ---- | C] () -- D:\WINDOWS\System32\smemory.dll
    [2008/11/29 21:05:08 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\jspWinRni.DLL
    [2008/11/29 21:05:08 | 000,035,992 | ---- | C] () -- D:\WINDOWS\System32\jspWinRnia.DLL
    [2008/11/29 21:05:07 | 000,060,156 | ---- | C] () -- D:\WINDOWS\System32\jspWinNm.DLL
    [2008/11/29 21:05:07 | 000,051,200 | ---- | C] () -- D:\WINDOWS\System32\TrayIcon12.dll
    [2008/11/29 21:05:07 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\jspWin.dll
    [2008/11/12 19:21:56 | 000,001,793 | ---- | C] () -- D:\WINDOWS\System32\fxsperf.ini
    [2008/02/02 13:15:13 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Irremote.ini
    [2008/01/28 19:23:44 | 000,000,022 | ---- | C] () -- D:\WINDOWS\kodakpcd.Ryan.ini
    [2008/01/28 18:45:10 | 000,030,608 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
    [2008/01/07 16:12:09 | 000,287,743 | ---- | C] () -- D:\WINDOWS\LOOP.exe
    [2008/01/07 15:01:50 | 000,000,058 | ---- | C] () -- D:\WINDOWS\System32\EAL32.INI
    [2008/01/07 14:02:33 | 000,217,088 | ---- | C] () -- D:\WINDOWS\System32\qtmlClient.dll
    [2008/01/07 14:02:33 | 000,003,478 | ---- | C] () -- D:\WINDOWS\System32\digicoin.dll
    [2008/01/07 13:24:04 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
    [2008/01/07 13:24:03 | 000,056,832 | ---- | C] () -- D:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/07 13:04:39 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
    [2008/01/07 12:03:54 | 001,703,936 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
    [2008/01/07 12:03:54 | 001,626,112 | ---- | C] () -- D:\WINDOWS\System32\nwiz.exe
    [2008/01/07 12:03:54 | 001,474,560 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
    [2008/01/07 12:03:54 | 001,339,392 | ---- | C] () -- D:\WINDOWS\System32\nvdspsch.exe
    [2008/01/07 12:03:54 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
    [2008/01/07 12:03:54 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
    [2008/01/07 12:03:54 | 000,442,368 | ---- | C] () -- D:\WINDOWS\System32\nvappbar.exe
    [2008/01/07 12:03:54 | 000,425,984 | ---- | C] () -- D:\WINDOWS\System32\keystone.exe
    [2008/01/07 12:03:33 | 001,018,748 | ---- | C] () -- D:\WINDOWS\System32\nvucode.bin
    [2008/01/07 12:03:28 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
    [2008/01/07 11:50:30 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
    [2008/01/07 11:47:25 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
    [2008/01/07 06:42:25 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
    [2008/01/07 06:41:09 | 000,157,160 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
    [2008/01/06 23:41:22 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
    [2008/01/06 23:38:54 | 000,002,385 | ---- | C] () -- D:\WINDOWS\mozver.dat
    [2008/01/06 23:21:33 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
    [2008/01/06 23:11:56 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\B11gUSB.dll
    [2008/01/06 23:11:55 | 000,094,208 | ---- | C] () -- D:\WINDOWS\System32\GTW32N50.dll
    [2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
    [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
    [2001/08/18 07:00:00 | 000,434,028 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
    [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
    [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
    [2001/08/18 07:00:00 | 000,068,188 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
    [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
    [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
    [2001/08/18 07:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
    [2001/08/18 07:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
    [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/03/10 11:51:08 | 000,000,310 | ---- | M] () -- D:\WINDOWS\Tasks\Orb Index when idle.job
    [2011/03/08 07:00:02 | 000,000,476 | ---- | M] () -- D:\WINDOWS\Tasks\SyncBackSE M Partition to E (Seagate).job

    ========== Purity Check ==========


    < End of report >
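The listing above is OTL's file-scan output: one line per file or directory, carrying the timestamp, the size, four attribute flags (R, H, S, D for read-only, hidden, system, directory), whether the line comes from the created (C) or modified (M) scan, the company name from the file's version resource (empty parentheses when there is none, omitted for directories), and the path. Triaging a few hundred of these by eye is the normal way such a log is read. As an added example, not part of this thread and not OTL's own code, here is a small Python parser for that line format plus a first-pass triage over lines copied from the log above. The triage rules (code extensions, `.job` scheduled tasks, the hidden attribute, empty company name under \WINDOWS) are my own assumptions about what an analyst looks at first, and every hit is a prompt for a human, not a verdict: legitimate vendor files frequently ship without a company string, and the moderator's reading of this particular log is that it shows no infection signs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL/OTLPE file line, as printed in the log above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- Path
# The "(Company)" part is absent for directories. Attribute positions are
# R, H, S, D (read-only, hidden, system, directory); '-' means the flag is clear.
# Summary lines such as "[1 D:\WINDOWS\*.tmp files -> ...]" do not match and are skipped.
_LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]\s+"
    r"(?:\((?P<company>.*?)\)\s+)?--\s+(?P<path>.+)$"
)

# Assumption (mine, not OTL's): extensions that Windows XP loads as code.
_CODE_EXT = (".exe", ".dll", ".sys", ".ax", ".scr", ".com", ".cpl", ".ocx")


@dataclass
class OtlEntry:
    timestamp: str   # kept as the log's own "YYYY/MM/DD HH:MM:SS" text
    size: int        # bytes, with OTL's thousands separators removed
    attrs: str       # the four-character flag field, e.g. "-H--"
    kind: str        # "C" = created scan, "M" = modified scan
    company: str     # "" when OTL printed "()" or omitted it (directories)
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def directory(self) -> bool:
        return "D" in self.attrs

    @property
    def under_windows(self) -> bool:
        return "\\windows\\" in self.path.lower()

    @property
    def is_code(self) -> bool:
        return self.path.lower().endswith(_CODE_EXT)


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one log line; return None for headers, blanks and summary lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def parse_log(text: str) -> List[OtlEntry]:
    """Parse a whole OTL section, dropping every line that is not a file entry."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs an analyst should look at first.

    These are prompts for a human, not verdicts: plenty of legitimate vendor
    files have no company string in their version resource.
    """
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.directory:
            continue
        if e.path.lower().endswith(".job"):
            findings.append((e.path, "scheduled task (persistence point)"))
        if e.hidden:
            findings.append((e.path, "hidden file"))
        if e.is_code and e.under_windows and not e.company:
            findings.append((e.path, "executable code under \\WINDOWS with no company name"))
    return findings


# Sample input: lines copied from the OTLPE log posted above, plus one of its
# "*.tmp" summary lines, which the parser must skip.
SAMPLE_LOG = r"""
[2011/03/07 19:14:56 | 000,141,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\ks.sys
[2011/03/07 19:14:42 | 000,000,000 | ---D | C] -- D:\Program Files\Vimicro Corporation
[2011/03/10 11:51:08 | 000,000,310 | ---- | M] () -- D:\WINDOWS\tasks\Orb Index when idle.job
[2011/03/07 19:10:24 | 000,000,048 | -H-- | M] () -- D:\WINDOWS\System32\ezsidmv.dat
[2008/11/29 21:05:08 | 000,056,320 | ---- | C] () -- D:\WINDOWS\System32\smemory.dll
[2008/01/07 16:12:09 | 000,287,743 | ---- | C] () -- D:\WINDOWS\LOOP.exe
[2011/03/11 09:33:20 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason:55} {path}")
```

Run as a script it prints the four flagged paths from the sample (the Orb `.job` task, the hidden `ezsidmv.dat`, and the two company-less binaries); the Microsoft-signed `ks.sys` and the system-attribute `bootstat.dat` pass through untouched. The parsed entries keep OTL's own timestamp text, so the natural next step is to group them by minute and match each cluster against something the user remembers installing (the webcam driver files at 19:14:53 above, for instance), which is how the "Created Within 30 Days" section is actually read.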
     
  7. 2011/03/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    When my computer rebooted after shutting down this boot tool, it actually booted back into Windows this time! However, it could not connect to the internet. I use a Belkin USB wireless ethernet connection, and the software tool that usually runs in place of the standard wireless networking tool was in the task bar but frozen; I could not end the program or get it to open.
     
  8. 2011/03/11
    fastirwin

    fastirwin Inactive Thread Starter

    Joined:
    2007/12/31
    Messages:
    58
    Likes Received:
    0
    I am now in Windows XP, but there is a problem with ipconfig.exe, and I can't turn on my Windows firewall; it says this is due to an unknown error. Safe Mode still doesn't load.
     
  9. 2011/03/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, I'm still not sure what we're dealing with here.
    The OTLPE log doesn't show any infection signs.

    Use working computer and USB flash drive to transfer following tool to bad computer.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     