GeekPolice

HDD Virus - pc will not boot

Post by mcp1959 on Wed Dec 08, 2010 2:05 pm

I was attacked with the HDD virus. I came back to this website and began preliminary steps before posting, but my pc froze completely. I turned it off, and now it will not boot in either normal or safe mode. I do have the Windows Recovery console installed. Is there anything I can do to be able to boot into either normal or safe mode? Thanks in advance for your help.


Re: HDD Virus - pc will not boot

Post by Belahzur on Thu Dec 09, 2010 12:17 am

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc into your CD burning drive.
• Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
• Reboot your system using the boot CD you just created.
  Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
• When asked "Do you wish to load the remote registry", select Yes.
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
• OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.


Please PM me if I fail to respond within 24hrs.



Re: HDD Virus - pc will not boot

Post by mcp1959 on Fri Dec 10, 2010 1:21 pm

Thank you for the reply. I will try to find someone who will let me download and burn the file, and will reply asap.


Re: HDD Virus - pc will not boot

Post by mcp1959 on Sat Dec 11, 2010 2:05 am

OTL file:
OTL logfile created on: 12/10/2010 7:47:01 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 228.00 Mb Available Physical Memory | 48.00% Memory free
382.00 Mb Paging File | 289.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 47.20 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto] -- -- (AVP)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\KProcWatch.sys -- (KProcWatch)
DRV - File not found [File_System | Boot] -- C:\WINDOWS\System32\DRIVERS\FStopW.sys -- (FPAV_RTP)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/20 19:21:05 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/03/11 14:49:08 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/04 05:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/04 05:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/13 08:02:36 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/29 12:14:43 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/29 12:14:40 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/11 21:56:17 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/08 12:51:19 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/15 09:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 84 6D 04 C7 B1 CA 01 [binary data]
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 84 6D 04 C7 B1 CA 01 [binary data]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.alltheweb.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 18:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/05 11:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt

[2010/03/15 12:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Extensions
[2009/07/17 08:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/04 10:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\nq4k36jh.default\extensions
[2010/04/27 19:48:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\nq4k36jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/07 18:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\x6rmhy2x.booger\extensions
[2010/06/28 10:39:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\x6rmhy2x.booger\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/07 18:41:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/26 16:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/01/23 20:41:00 | 000,800,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/26 16:00:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/04 17:41:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/05 12:06:15 | 000,425,908 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14694 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Kilgore_Trout_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [219353750] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\219353750.exe (Hddtools Corporation)
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [cdloader] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [igndlm.exe] C:\Program Files\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [Jwege] C:\WINDOWS\wmlgdp.DLL (trbarry@trbarry.com)
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [rAETnLIvsw.exe] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\rAETnLIvsw.exe (MS Corporation)
O4 - HKU\HelpAssistant_ON_C..\Run: [cdloader] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\Kilgore_Trout_ON_C..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\Kilgore_Trout_ON_C..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKU\Kilgore_Trout_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 1
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nostartmenumoreprograms = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 1
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 0
O7 - HKU\Kilgore_Trout_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Kilgore_Trout_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgetsh - (C:\WINDOWS\system32\convavaw.dll) - C:\WINDOWS\system32\convavaw.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 21:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/07 21:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/07 21:08:04 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\test.exe
[2010/12/05 21:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\American Civil War - Gettysburg
[2010/12/05 19:17:10 | 000,000,000 | ---D | C] -- C:\LEE
[2010/12/05 07:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\New Photos
[2010/03/23 09:47:03 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2010/03/23 09:47:02 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2010/03/23 09:47:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2010/03/23 09:47:01 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2010/03/23 09:47:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2010/03/23 09:46:59 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2010/03/23 09:46:59 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2010/03/23 09:46:59 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2010/03/23 09:46:58 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2010/03/23 09:46:53 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2010/03/23 09:46:44 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2010/03/23 09:46:44 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 21:23:31 | 080,029,464 | ---- | M] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\jdk-6u23-windows-i586.exe
[2010/12/07 21:12:38 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\HDD Plus.lnk
[2010/12/07 21:08:49 | 000,046,080 | -H-- | M] () -- C:\WINDOWS\System32\convavaw.dll
[2010/12/07 20:58:42 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{74E3B3F6-800A-4959-AFFA-7DCF0B91911E}.job
[2010/12/05 21:25:45 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\American Civil War - Gettysburg.lnk
[2010/12/05 12:06:15 | 000,425,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/05 08:17:19 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/12/05 08:16:42 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/05 08:16:32 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/05 08:16:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/04 10:22:17 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\Glary Utilities.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/20 13:08:04 | 000,452,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/20 13:08:04 | 000,076,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/20 11:11:45 | 000,425,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101205-120614.backup
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 21:21:08 | 080,029,464 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\jdk-6u23-windows-i586.exe
[2010/12/07 21:12:38 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\HDD Plus.lnk
[2010/12/07 21:08:49 | 000,046,080 | -H-- | C] () -- C:\WINDOWS\System32\convavaw.dll
[2010/12/05 21:25:45 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\American Civil War - Gettysburg.lnk
[2010/07/31 09:34:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\netstat.bat
[2010/03/23 09:49:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2010/03/23 09:49:37 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2010/03/23 09:48:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2010/03/23 09:48:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2010/03/23 09:48:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2010/03/23 09:47:03 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2010/03/23 09:47:01 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2010/03/23 09:46:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2010/03/23 09:46:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2010/03/23 09:46:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2010/03/23 09:46:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2010/03/23 09:46:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2010/03/23 09:46:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2010/03/23 09:46:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2010/03/23 09:46:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2010/03/23 09:46:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2010/02/09 16:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/01/12 20:08:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/11/01 08:21:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\housecall.guid.cache
[2009/10/16 20:17:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/29 12:14:43 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/29 12:14:40 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/09/11 09:03:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/06/28 19:11:58 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
[2008/06/11 19:23:45 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/06/11 19:23:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/06/11 19:22:39 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/11 19:22:35 | 000,000,068 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/05/02 14:10:52 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\50B3B90E9B.sys
[2008/05/02 13:29:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/05/02 13:29:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/15 10:30:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/01 09:06:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/01/17 07:35:58 | 000,000,148 | ---- | C] () -- C:\WINDOWS\STATDEM.INI
[2008/01/04 18:44:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/12/29 09:47:38 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\50B3B90E9B.dll
[2007/10/11 21:40:18 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 22:31:35 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Kilgore Trout\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:11:33 | 000,000,492 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/08 20:08:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\TPActiveX.dll
[2007/10/04 05:40:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/03 01:47:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\dvd.bmk
[2007/10/03 01:42:56 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\fusioncache.dat
[2006/12/20 14:40:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 00:14:21 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/09 00:14:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\EEA1BBBC51.sys
[2006/10/25 18:44:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/25 18:40:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/25 18:10:50 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/25 18:10:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/25 18:10:44 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2007/10/03 01:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Aim
[2010/03/15 11:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\CheckPoint
[2007/10/06 21:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\eMusic
[2008/01/24 10:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\EssentialPIM
[2010/06/29 16:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Facebook
[2010/03/21 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\FRISK Software
[2010/06/09 06:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\funkitron
[2009/09/29 19:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\GetRightToGo
[2009/04/08 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\GlarySoft
[2007/10/06 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\IrfanView
[2008/10/20 09:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\iWin
[2006/12/09 09:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Leadertech
[2010/09/25 08:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp
[2007/02/07 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\MP3Rocket
[2006/12/08 18:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\MSNInstaller
[2009/01/16 08:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\OpenOffice.org
[2008/01/01 15:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Registry Cleaner
[2007/12/07 11:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\SystemRequirementsLab
[2010/09/26 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Tific
[2007/10/05 21:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Uniblue
[2009/03/05 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Unity
[2007/01/30 07:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Viewpoint
[2009/11/01 11:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Windows Search
[2007/10/12 19:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kilgore Trout\Application Data\Leadertech
[2010/12/05 08:16:32 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/12/06 14:28:00 | 000,032,632 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/07 20:58:42 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{74E3B3F6-800A-4959-AFFA-7DCF0B91911E}.job

========== Purity Check ==========


< End of report >


Re: HDD Virus - pc will not boot

Post by Belahzur on Sat Dec 11, 2010 5:34 pm

Hello.

Please run OTLPE.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
    O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    O3 - HKU\Kilgore_Trout_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [219353750] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\219353750.exe (Hddtools Corporation)
    O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [Jwege] C:\WINDOWS\wmlgdp.DLL (trbarry@trbarry.com)
    O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [rAETnLIvsw.exe] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\rAETnLIvsw.exe (MS Corporation)
    O36 - AppCertDlls: dfrgetsh - (C:\WINDOWS\system32\convavaw.dll) - C:\WINDOWS\system32\convavaw.dll ()



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please PM me if I fail to respond within 24hrs.



Re: HDD Virus - pc will not boot

Post by mcp1959 on Sat Dec 11, 2010 9:53 pm

Is there a link to download OTLPE without using the Standard REATOGO Windows Recovery Environment?


Re: HDD Virus - pc will not boot

Post by Belahzur on Sat Dec 11, 2010 11:23 pm

Not really, OTLPE is a bootable disc system of a program we used called OTL, but in this case if you can't get it fully booted properly, OTLPE is the way to go.

Did you do my above fix?



Re: HDD Virus - pc will not boot

Post by mcp1959 on Sun Dec 12, 2010 3:17 pm

Yes, and I must apologize. The moment I got it up I ran Malwarebytes Anti-Malware to eliminate the HDD. At any rate, here is the OTL log you requested:

OTL logfile created on: 12/12/2010 10:03:13 AM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.00 Mb Total Physical Memory | 224.00 Mb Available Physical Memory | 47.00% Memory free
382.00 Mb Paging File | 288.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.36 Gb Total Space | 42.99 Gb Free Space | 60.25% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto] -- -- (AVP)
SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - File not found [Disabled] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2006/10/11 16:48:50 | 000,532,480 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\KProcWatch.sys -- (KProcWatch)
DRV - File not found [File_System | Boot] -- C:\WINDOWS\System32\DRIVERS\FStopW.sys -- (FPAV_RTP)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/20 19:21:05 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/07 11:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/03/11 14:49:08 | 000,204,632 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (SbTis)
DRV - [2010/01/11 23:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/01/04 05:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/04 05:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/11/02 19:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/10/13 08:02:36 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/11/29 12:14:43 | 000,271,360 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/11/29 12:14:40 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/11 21:56:17 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/12/08 12:51:19 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/15 09:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/19 04:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 84 6D 04 C7 B1 CA 01 [binary data]
IE - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 84 6D 04 C7 B1 CA 01 [binary data]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Kilgore_Trout_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.alltheweb.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 09:43:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 09:43:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt

[2010/03/15 12:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Extensions
[2009/07/17 08:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/04 10:23:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\nq4k36jh.default\extensions
[2010/04/27 19:48:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\nq4k36jh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 21:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\x6rmhy2x.booger\extensions
[2010/06/28 10:39:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\x6rmhy2x.booger\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 21:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/26 16:01:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/01/23 20:41:00 | 000,800,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/26 16:00:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/01/04 17:41:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/01/13 17:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/12/11 04:43:07 | 000,426,196 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14704 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found
O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\Kilgore_Trout_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DLCXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [cdloader] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [igndlm.exe] C:\Program Files\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKU\HelpAssistant_ON_C..\Run: [cdloader] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\Kilgore_Trout_ON_C..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\Kilgore_Trout_ON_C..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe File not found
O4 - HKU\Kilgore_Trout_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 1
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 0
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Emily_Safewright.D2LTG0C1_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nousernameinstartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nosimplestartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nostartmenumoreprograms = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nochangestartmenu = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: norecentdochistory = 1
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: maxrecentdocs = 0
O7 - HKU\Kilgore_Trout_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Kilgore_Trout_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Value error. File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Application Data\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgetsh - (C:\WINDOWS\system32\convavaw.dll) - C:\WINDOWS\System32\convavaw.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/11 15:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Morphyre
[2010/12/11 09:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\Easy CD-DA Extractor
[2010/12/11 09:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Easy CD-DA Extractor 2010
[2010/12/11 08:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\song copies
[2010/12/07 21:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/07 21:20:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/05 19:17:10 | 000,000,000 | ---D | C] -- C:\LEE
[2010/12/05 07:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\New Photos
[2010/03/23 09:47:03 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2010/03/23 09:47:02 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2010/03/23 09:47:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2010/03/23 09:47:01 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2010/03/23 09:47:00 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2010/03/23 09:46:59 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2010/03/23 09:46:59 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2010/03/23 09:46:59 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2010/03/23 09:46:58 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2010/03/23 09:46:53 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2010/03/23 09:46:44 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2010/03/23 09:46:44 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/12 09:57:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/12 09:44:04 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{74E3B3F6-800A-4959-AFFA-7DCF0B91911E}.job
[2010/12/11 18:40:39 | 000,000,966 | ---- | M] () -- C:\WINDOWS\STBC_DEMO.ini
[2010/12/11 16:09:51 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/12/11 16:09:32 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/12/11 16:08:56 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/11 07:44:17 | 000,069,054 | ---- | M] () -- C:\winterforest.jpg
[2010/12/11 04:43:07 | 000,426,196 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/10 19:57:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/05 12:06:15 | 000,425,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101211-044307.backup
[2010/12/04 10:22:17 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Desktop\Glary Utilities.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/20 13:08:04 | 000,452,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/20 13:08:04 | 000,076,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/20 11:11:45 | 000,425,140 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101205-120614.backup
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/11 18:40:28 | 000,000,966 | ---- | C] () -- C:\WINDOWS\STBC_DEMO.ini
[2010/12/11 07:44:16 | 000,069,054 | ---- | C] () -- C:\winterforest.jpg
[2010/07/31 09:34:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\netstat.bat
[2010/03/23 09:49:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2010/03/23 09:49:37 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2010/03/23 09:48:58 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2010/03/23 09:48:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2010/03/23 09:48:57 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2010/03/23 09:47:03 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2010/03/23 09:47:01 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2010/03/23 09:46:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2010/03/23 09:46:58 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2010/03/23 09:46:57 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2010/03/23 09:46:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2010/03/23 09:46:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2010/03/23 09:46:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2010/03/23 09:46:51 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2010/03/23 09:46:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2010/03/23 09:46:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2010/02/09 16:43:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/01/12 20:08:38 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/11/01 08:21:45 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\housecall.guid.cache
[2009/10/16 20:17:19 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/29 12:14:43 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/11/29 12:14:40 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/09/11 09:03:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2008/06/28 19:11:58 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
[2008/06/11 19:23:45 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/06/11 19:23:45 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/06/11 19:22:39 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/06/11 19:22:35 | 000,000,068 | ---- | C] () -- C:\WINDOWS\KA.INI
[2008/05/02 14:10:52 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\50B3B90E9B.sys
[2008/05/02 13:29:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/05/02 13:29:49 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/04/15 10:30:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/02/01 09:06:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/01/17 07:35:58 | 000,000,148 | ---- | C] () -- C:\WINDOWS\STATDEM.INI
[2008/01/04 18:44:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2007/12/29 09:47:38 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\50B3B90E9B.dll
[2007/10/11 21:40:18 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/10 22:31:35 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Kilgore Trout\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/09 22:11:33 | 000,000,492 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/08 20:08:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\TPActiveX.dll
[2007/10/04 05:40:33 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/03 01:47:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\dvd.bmk
[2007/10/03 01:42:56 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\fusioncache.dat
[2006/12/20 14:40:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/09 00:14:21 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/09 00:14:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\EEA1BBBC51.sys
[2006/10/25 18:44:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/25 18:40:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/25 18:10:50 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/25 18:10:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/25 18:10:44 | 000,000,394 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2007/10/03 01:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Aim
[2010/03/15 11:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\CheckPoint
[2007/10/06 21:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\eMusic
[2008/01/24 10:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\EssentialPIM
[2010/06/29 16:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Facebook
[2010/03/21 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\FRISK Software
[2010/06/09 06:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\funkitron
[2009/09/29 19:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\GetRightToGo
[2009/04/08 15:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\GlarySoft
[2007/10/06 20:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\IrfanView
[2008/10/20 09:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\iWin
[2006/12/09 09:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Leadertech
[2010/09/25 08:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp
[2007/02/07 00:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\MP3Rocket
[2006/12/08 18:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\MSNInstaller
[2009/01/16 08:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\OpenOffice.org
[2008/01/01 15:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Registry Cleaner
[2007/12/07 11:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\SystemRequirementsLab
[2010/09/26 11:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Tific
[2007/10/05 21:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Uniblue
[2009/03/05 10:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Unity
[2007/01/30 07:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Viewpoint
[2009/11/01 11:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily Safewright.D2LTG0C1\Application Data\Windows Search
[2007/10/12 19:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kilgore Trout\Application Data\Leadertech
[2010/12/11 16:09:32 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2010/12/12 09:57:10 | 000,032,496 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/12 09:44:04 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{74E3B3F6-800A-4959-AFFA-7DCF0B91911E}.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. >

< O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - Reg Error: Value error. File not found >

< O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - Reg Error: Value error. File not found >

< O3 - HKU\Emily_Safewright.D2LTG0C1_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. >

< O3 - HKU\HelpAssistant_ON_C\..\Toolbar\ShellBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found. >

< O3 - HKU\Kilgore_Trout_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. >

< O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [219353750] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\219353750.exe (Hddtools Corporation) >

< O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [Jwege] C:\WINDOWS\wmlgdp.DLL (trbarry@trbarry.com) >

< O4 - HKU\Emily_Safewright.D2LTG0C1_ON_C..\Run: [rAETnLIvsw.exe] C:\Documents and Settings\Emily Safewright.D2LTG0C1\Local Settings\temp\rAETnLIvsw.exe (MS Corporation) >

< O36 - AppCertDlls: dfrgetsh - (C:\WINDOWS\system32\convavaw.dll) - C:\WINDOWS\system32\convavaw.dll () >
< End of report >


Re: HDD Virus - pc will not boot

Post by mcp1959 on Sun Dec 12, 2010 3:18 pm

MBAM Log:

Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Database version: 5291

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12/10/2010 8:58:04 PM
mbam-log-2010-12-10 (20-58-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 255768
Time elapsed: 33 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jwege (Trojan.Hiloti) -> Value: Jwege -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rAETnLIvsw.exe (Trojan.FakeAlert) -> Value: rAETnLIvsw.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\219353750 (Rogue.HDDSCan) -> Value: 219353750 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\wmlgdp.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\local settings\temp\raetnlivsw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\local settings\temp\219353750.exe (Rogue.HDDSCan) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\application data\Adobe\plugs\kb219179812.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\application data\Adobe\plugs\kb219197296.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\local settings\temp\ptmsywnejk.dll (Rogue.HDDScan) -> Quarantined and deleted successfully.
c:\documents and settings\emily safewright.d2ltg0c1\application data\Adobe\plugs\kb219239171.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Re: HDD Virus - pc will not boot

Post by Belahzur on Sun Dec 12, 2010 10:20 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: HDD Virus - pc will not boot

Post by mcp1959 on Mon Dec 13, 2010 2:22 pm

Text posted here. ComboFix insists I have Sunbelt VIPRE installed, but I do not:

ComboFix 10-12-12.03 - Emily Safewright 12/13/2010 8:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.159 [GMT -5:00]
Running from: c:\documents and settings\Emily Safewright.D2LTG0C1\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Sunbelt VIPRE *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\Adobe\plugs

.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-12 18:10 . 2010-12-12 18:10 -------- d-----w- c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\vShare
2010-12-12 18:10 . 2010-12-12 18:10 -------- d-----w- c:\program files\vShare
2010-12-11 20:53 . 2010-12-11 20:55 -------- d-----w- c:\program files\Morphyre
2010-12-11 14:46 . 2010-12-11 14:46 -------- d-----w- c:\documents and settings\Emily Safewright.D2LTG0C1\Local Settings\Application Data\Easy CD-DA Extractor
2010-12-11 14:46 . 2010-12-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2010-12-11 14:46 . 2010-12-11 14:46 -------- d-----w- c:\program files\Easy CD-DA Extractor 2010
2010-12-06 00:17 . 2010-12-06 00:27 -------- d-----w- C:\LEE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 22:42 . 2010-02-18 00:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 22:42 . 2010-02-18 00:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 01:02 . 2010-10-02 01:02 388096 ----a-r- c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-26 21:00 . 2009-01-15 03:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-26 21:00 . 2010-09-26 21:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-18 16:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"igndlm.exe"="c:\program files\Download Manager\dlm.exe" [2009-05-14 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nosimplestartmenu"= 0 (0x0)
"norecentdochistory"= 1 (0x1)
"maxrecentdocs"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"ImapiService"=3 (0x3)
"Fax"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DLCXCATS"=rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\LMI26.tmp\\lmi_rescue.exe"=
"c:\\Documents and Settings\\Emily Safewright.D2LTG0C1\\Application Data\\mjusbsp\\magicJack.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/17/2010 7:29 AM 165584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/17/2010 8:14 AM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 8:02 AM 95024]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [7/17/2010 8:03 AM 204632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/17/2010 7:29 AM 17744]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [7/17/2010 8:14 AM 69720]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 11:06 AM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
S0 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FStopW.sys --> c:\windows\system32\DRIVERS\FStopW.sys [?]
S3 KProcWatch;KProcWatch;\??\c:\windows\system32\drivers\KProcWatch.sys --> c:\windows\system32\drivers\KProcWatch.sys [?]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys --> c:\windows\system32\DRIVERS\mr97310v.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-12-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-03-14 15:47]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{74E3B3F6-800A-4959-AFFA-7DCF0B91911E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki...
IE: Translate Page into English
FF - ProfilePath - c:\documents and settings\Emily Safewright.D2LTG0C1\Application Data\Mozilla\Firefox\Profiles\x6rmhy2x.booger\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-12-13 08:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-12-13 09:02:12
ComboFix-quarantined-files.txt 2010-12-13 14:01
ComboFix2.txt 2010-09-30 01:12

Pre-Run: 46,386,528,256 bytes free
Post-Run: 46,371,463,168 bytes free

- - End Of File - - 37000C15F50D14FBC9ECB6B69B8D9855



Re: HDD Virus - pc will not boot

Post by Belahzur on Mon Dec 13, 2010 11:46 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and HijackThis will run.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: HDD Virus - pc will not boot

Post by mcp1959 on Tue Dec 14, 2010 10:45 pm

As per your request:

3DVIA player 5.0
50 FREE MP3s +1 Free Audiobook!
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Athlon 64 Processor Driver
avast! Free Antivirus
Big Fish Games Client
Broadcom Management Programs
Comcast High-Speed Internet Install Wizard
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support 3.2
Deus Ex: Game of the Year
Digital Content Portal
Digital Line Detect
Download Manager 2.3.6
Easy CD-DA Extractor 2010
ESET Online Scanner v3
Free CD Ripper 3.1
Free CD to MP3 Converter
Geiss2 for Winamp 2x (remove only)
Glary Utilities 2.30.0.1066
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IrfanView (remove only)
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mirar
Modem Diagnostic Tool
Mojo Master Winamp Visualizer for Winamp (remove only)
Morphyre
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpaceIM
Netflix Movie Viewer
NVIDIA Drivers
NVIDIA nView Desktop Manager
Opera 9.23
Opera 9.60
PassAlong Software
PhoTags Express
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Task Manager 1.7h
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Star Trek Bridge Commander Demo
System Requirements Lab
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
vShare Plugin
WAV to MP3 Encoder
Winamp
Windows Essentials Media Codec Pack 2.3d
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
Yahoo! Install Manager
Yahoo! Messenger



Re: HDD Virus - pc will not boot

Post by Belahzur on Tue Dec 14, 2010 11:32 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Java(TM) 6 Update 21

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

How is the machine running now?



Re: HDD Virus - pc will not boot

Post by mcp1959 on Wed Dec 15, 2010 11:09 pm

One quick question: how can I tell if I have Windows or Windows x64?


Re: HDD Virus - pc will not boot

Post by mcp1959 on Wed Dec 15, 2010 11:30 pm

I answered my own question re the 64 bit.

The machine is running beautifully. You. Are. The. Man!


Re: HDD Virus - pc will not boot

Post by mcp1959 on Fri Dec 17, 2010 2:21 am

Never mind, I found out. Machine is running great; you are awesome!
