Computer Hope
Software => Computer viruses and spyware => Topic started by: Kerjifire on February 24, 2010, 03:48:08 AM
-
When ever i click on a link Google redirects me to random sites. I read about ppls atapi.sys being infected.
This is my log 1/40 for the scan
http://www.virustotal.com/analisis/b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9-1267008170
-
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
-
the Combofix won't load, like the green blocks reach the end, but the Blue Cmd Screen doesn't pop-up ???, oh & i forgot to mention that my Malwarebytes, Super-Antispyware & Ad-aware free r not updating
-
Sorry About Double Post But I loaded combofix for around 1 hr & it finally worked but i'm still getting redirects. Heres my log
ComboFix 10-02-24.03 - S Chung 25/02/2010 18:33:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1494 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ \Downloadz\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\S Chung\Application Data\.#
c:\windows\system32\spool\prtprocs\w32x86\00002642.tmp
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.
2010-02-23 11:21 . 2010-02-23 11:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-02-23 11:16 -------- d-----w- c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58 -------- d-----w- c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-02-24 12:04 -------- d-----w- c:\documents and settings\S Chung\Application Data\uTorrent
2010-02-19 07:58 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:58 . 2010-02-19 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:58 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-18 08:44 . 2010-02-18 08:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 08:44 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 08:30 . 2010-02-18 08:30 15880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-18 08:29 . 2010-02-18 08:29 163728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-18 08:29 . 2010-02-18 08:29 327000 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-18 08:29 . 2010-02-18 08:29 87496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-16 09:48 . 2010-02-16 09:48 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-02-16 06:37 . 2010-02-16 06:54 -------- d-----w- c:\program files\Audio Mid Recorder
2010-02-13 05:29 . 2010-02-13 05:29 -------- d-----w- c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-12 11:04 . 2010-02-13 08:37 -------- d-----w- c:\documents and settings\S Chung\Application Data\vlc
2010-02-11 06:29 . 2010-02-22 07:22 -------- d-----w- c:\program files\uTorrent
2010-02-10 11:12 . 2010-02-10 11:12 -------- d-----w- c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-10 11:09 . 2008-08-13 00:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-02-09 11:13 . 2010-02-17 09:39 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\Adobe
2010-02-09 11:13 . 2010-02-09 11:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 16:41 . 2010-02-07 16:41 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-06 11:20 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-06 11:20 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-06 11:20 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-06 11:20 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-06 11:20 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-06 11:20 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-06 11:20 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-06 11:19 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-06 11:19 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-04 20:09 . 2010-02-04 20:09 503808 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09 348160 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09 499712 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09 61440 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09 12800 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:08 . 2010-02-04 20:08 -------- d-----w- c:\documents and settings\M Chung\Local Settings\Application Data\Symantec
2010-02-04 20:04 . 2010-02-04 20:04 -------- d-----w- c:\documents and settings\M Chung\Application Data\Logitech
2010-02-02 08:19 . 2010-02-02 08:20 -------- d-----w- c:\program files\Hypersnap
2010-01-29 11:38 . 2010-01-29 11:38 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\RapidSolution
2010-01-28 10:32 . 2010-01-28 10:32 -------- d-----w- c:\program files\New Folder
2010-01-28 09:46 . 2010-01-28 09:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-01-28 09:05 . 2010-01-28 09:05 10134 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-01-28 08:44 . 2007-09-14 10:05 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-28 08:33 . 2010-01-28 08:33 -------- d-----w- c:\program files\ATI
2010-01-28 07:03 . 2010-01-28 07:03 9158 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-28 07:03 . 2010-01-28 07:11 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-26 21:20 . 2010-01-26 21:20 -------- d-----w- c:\documents and settings\S Chung\Local Settings\Application Data\Logitech
2010-01-26 11:20 . 2006-08-01 04:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-01-26 11:20 . 2010-01-26 11:20 -------- d-----w- c:\program files\Realtek AC97
2010-01-26 11:18 . 2009-12-14 01:33 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-26 09:29 . 2010-01-26 09:29 -------- d-----w- c:\program files\Driver-Soft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 06:33 . 2007-06-21 11:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 11:28 . 2010-02-24 11:30 2971136 ----a-w- c:\windows\Internet Logs\xDB2E.tmp
2010-02-24 11:28 . 2010-02-24 11:30 1784832 ----a-w- c:\windows\Internet Logs\xDB2D.tmp
2010-02-23 11:21 . 2009-07-02 01:31 -------- d-----w- c:\program files\DivX
2010-02-23 11:20 . 2009-07-02 01:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 10:37 . 2010-02-23 10:39 2961408 ----a-w- c:\windows\Internet Logs\xDB2C.tmp
2010-02-23 10:37 . 2010-02-23 10:39 3003904 ----a-w- c:\windows\Internet Logs\xDB2B.tmp
2010-02-23 07:43 . 2008-08-03 09:07 401408 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07 765952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-21 11:15 . 2009-11-27 05:41 -------- d-----w- c:\documents and settings\S Chung\Application Data\Skype
2010-02-21 11:12 . 2008-09-02 07:30 -------- d-----r- c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-21 10:37 . 2010-01-26 03:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-18 08:44 . 2008-04-25 05:16 -------- d-----w- c:\program files\Lavasoft
2010-02-18 08:30 . 2009-12-26 11:06 862040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-18 08:30 . 2009-12-26 11:06 206944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-18 08:30 . 2009-12-26 11:06 390288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-18 08:29 . 2009-12-26 11:06 537576 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-18 08:29 . 2009-12-26 11:06 389784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-18 08:29 . 2009-12-26 11:05 6296864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-18 08:29 . 2009-12-26 11:05 933120 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 08:29 . 2010-01-23 08:44 3803208 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-18 08:29 . 2009-12-26 11:05 816784 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 08:29 . 2009-12-26 11:05 823928 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 08:29 . 2009-12-26 11:05 1643272 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 08:29 . 2009-12-26 11:05 788880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 08:29 . 2009-12-26 11:05 1181328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-17 09:29 . 2010-01-26 01:28 117760 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 09:28 . 2009-06-07 06:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 06:35 . 2007-08-25 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03 -------- d-----w- c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15 -------- d-----w- c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06 -------- d-----w- c:\program files\Spyware Doctor
2010-02-10 09:47 . 2010-02-10 09:48 1260032 ----a-w- c:\windows\Internet Logs\xDB2A.tmp
2010-02-04 20:04 . 2007-06-17 06:59 149440 ----a-w- c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:53 . 2009-12-26 11:07 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-03 11:32 . 2008-08-23 11:04 -------- d-----w- c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52 -------- d-----w- c:\program files\Java
2010-02-02 08:37 . 2005-04-06 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01 -------- d-----w- c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-01-29 07:54 . 2010-01-18 04:54 -------- d-----w- c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54 -------- d-----w- c:\program files\Auslogics
2010-01-28 10:02 . 2009-07-23 10:26 -------- d-----w- c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44 149440 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 09:09 . 2009-10-25 04:12 -------- d-----w- c:\program files\ATI Technologies
2010-01-27 05:12 . 2008-07-03 07:37 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12 -------- d-----w- c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-26 04:16 . 2010-01-26 04:16 -------- d-----w- c:\documents and settings\S Chung\Application Data\Simply Super Software
2010-01-26 04:16 . 2010-01-26 04:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-01-26 03:06 . 2010-01-26 03:06 -------- d-----w- c:\documents and settings\S Chung\Application Data\PC Tools
2010-01-26 01:32 . 2010-01-26 01:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-26 01:31 . 2010-01-26 01:31 52224 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-26 01:28 . 2010-01-26 01:28 65024 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-26 01:28 . 2010-01-26 01:28 5120 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-26 01:28 . 2010-01-26 01:28 -------- d-----w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com
2010-01-25 11:41 . 2009-12-14 08:01 -------- d-----w- c:\program files\Replay Music 3
2010-01-25 06:03 . 2010-01-25 05:56 -------- d-----w- c:\documents and settings\S Chung\Application Data\Error Fix
2010-01-25 06:02 . 2010-01-25 05:56 -------- d-----w- c:\program files\Error Fix
2010-01-25 05:37 . 2005-04-09 08:52 -------- d-----w- c:\program files\Common Files\Java
2010-01-25 05:36 . 2010-01-25 05:36 61440 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-sse.dll
2010-01-25 05:36 . 2010-01-25 05:36 503808 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcp71.dll
2010-01-25 05:36 . 2010-01-25 05:36 499712 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\jmc.dll
2010-01-25 05:36 . 2010-01-25 05:36 348160 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcr71.dll
2010-01-25 05:36 . 2010-01-25 05:36 12800 ----a-w- c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-d3d.dll
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\S Chung\Application Data\ScanSoft
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-01-25 05:03 . 2010-01-25 05:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-01-25 05:03 . 2007-02-03 10:28 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-01-25 04:58 . 2010-01-25 04:58 -------- d-----w- c:\program files\ArcSoft
2010-01-25 04:56 . 2006-02-07 12:05 -------- d-----w- c:\program files\Canon
2010-01-25 00:06 . 2010-01-24 10:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-24 23:46 . 2010-01-24 23:58 140288 ----a-w- c:\windows\Internet Logs\xDB29.tmp
2010-01-24 10:55 . 2008-07-05 13:36 -------- d-----w- c:\program files\Alwil Software
2010-01-23 08:34 . 2005-04-30 13:35 -------- d-----w- c:\program files\QuickTime
2010-01-23 08:31 . 2008-12-08 03:22 -------- d-----w- c:\program files\Common Files\Apple
2010-01-23 08:30 . 2008-08-18 08:54 -------- d-----w- c:\program files\Apple Software Update
2010-01-23 00:41 . 2010-01-23 00:41 -------- d-----w- c:\documents and settings\S Chung\Application Data\Logitech
2010-01-23 00:38 . 2010-01-23 00:38 -------- d-----w- c:\documents and settings\S Chung\Application Data\Leadertech
2010-01-23 00:38 . 2009-05-26 08:25 -------- d-----w- c:\program files\Common Files\Logishrd
2010-01-23 00:38 . 2009-05-26 08:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-01-23 00:36 . 2010-01-23 00:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2010-01-23 00:09 . 2010-01-23 00:11 2403840 ----a-w- c:\windows\Internet Logs\xDB28.tmp
2010-01-22 23:33 . 2010-01-22 23:39 2400768 ----a-w- c:\windows\Internet Logs\xDB27.tmp
2010-01-22 06:58 . 2010-01-22 07:38 2399744 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-01-22 06:58 . 2010-01-22 07:38 49664 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-01-22 05:17 . 2007-11-11 03:37 4828308 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-21 05:10 . 2010-01-21 07:34 69120 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-01-20 22:07 . 2009-03-28 02:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 06:15 . 2010-01-18 06:17 2381312 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-01-18 06:15 . 2010-01-18 06:17 65024 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-01-17 03:38 . 2010-01-17 03:39 58880 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-01-16 08:21 . 2010-01-16 23:22 134656 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 07:08 . 2009-12-31 07:08 10134 ----a-r- c:\documents and settings\M Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2009-12-27 05:50 . 2009-12-28 00:52 204800 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00 23 --sh--r- c:\windows\mtlid64s2.dat
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloadz\\utorrent(2).exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/12/2009 10:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/02/2010 10:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/02/2010 10:20 PM 19024]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/02/2010 6:58 PM 236368]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/02/2010 6:58 PM 19160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 2:52 AM 1228208]
S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]
2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
2010-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]
2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5adf3171372.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2010-02-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for S Chung.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-19 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: buttongenerator.com
Trusted Zone: wtso.net\www
TCP: {871466D7-BD14-429F-A174-40DED368A122} = 93.188.163.113,93.188.161.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 18:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 4
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A6278C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7483b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25 18:51:29
ComboFix-quarantined-files.txt 2010-02-25 07:51
ComboFix2.txt 2010-02-04 08:28
Pre-Run: 20,544,013,824 bytes free
Post-Run: 20,515,973,120 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="Unidentified operating system on drive C."
- - End Of File - - 338F557B0607EB00986C291F98BBD68B
-
Please download <a href="http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip" target="_blank">Cheetah-Anti-Rogue[/url], and save to your Desktop.
- Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
- Double-click on Cheetah-Anti-Rogue.cmd to start.
- It will finish quickly and launch a log.
- Post the contents of it in your next reply.
-
Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay
Microsoft Windows XP [Version 5.1.2600]
Date: 26/02/2010 - Time: 16:47:57 - Arch.: x86
-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware
-- Known infection --
Extra message: Detection only.
EOF
-
Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
-
My Malwarebytes won't update. Virus ???, oh & i got the BSOD when first starting the scan
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
26/02/2010 7:13:12 PM
mbam-log-2010-02-26 (19-13-12).txt
Scan type: Quick Scan
Objects scanned: 172933
Time elapsed: 17 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Download WhoCrashed from here (http://www.resplendence.com/download/whocrashedSetup.exe)
This program checks for any drivers which may have been causing your computer to crash....
Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply
-
Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
No valid crash dumps have been found on your computer
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.
-
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky (http://telecharger.kaspersky.fr/GSI/GetSystemInfo.exe) and save it to your Desktop.
(http://www.spywareinfoforum.com/style_images/ip.boardpr/folder_post_icons/icon13.gif) Please close all other applications running on your system.
Please double click GetSystemInfo.exe to open it.
Click the Settings button.(http://i40.tinypic.com/2hd457o.gif)
(http://i41.tinypic.com/34gul1w.gif)
Set it to Maximum
(http://i41.tinypic.com/2n9gldh.gif)
(http://www.spywareinfoforum.com/style_images/ip.boardpr/folder_post_icons/icon13.gif) IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
Click Create Report to run it.(http://i44.tinypic.com/2ekm73m.gif)
It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser (http://www.getsysteminfo.com) and click the Submit button.
Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
-
http://www.getsysteminfo.com/read.php?file=e0d1337a2a81abbe3a481a61d1e0a6af
-
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
-
it keeps on going Not Responding when i leave it for 15m alone.
-
Please download OTS by OldTimer (http://oldtimer.geekstogo.com/OTS.exe) and save it to your Desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.- Close ALL OTHER PROGRAMS.
- Double-click on OTS to start the program (if you are running on Vista then right-click the program and
choose Run as Administrator).
- At the top, tick on Scan All Users section
- At File Age set it to 90 Days
- In the Processes, Modules, Services, Drivers, and Registry
section, please set on Safe List.
- In the Files Created Within and Files Modified Within section, set it to File Age
- At the bottom, tick on all Safe List and Use Company Name WhiteList option
- Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them: Reg - Disabled MS Config Items
Reg - Drivers32
Reg - Ext
Reg - IE
Explorer Bar
Reg - NetSvcs
Reg - Safeboot Minimal
Reg - Safeboot Network
File - Lop Check
File - Purity Scan
- Do NOT change any other settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
-
The txt file was in the folder but my OTL finished like this in the attachment.
[Saving space, attachment deleted by admin]
-
Hi
Instead of attaching it, please copy and paste the report in to about two replies here.
-
OTL logfile created on: 28/02/2010 2:18:12 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\S Chung\Desktop\ \Downloadz
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.74 Gb Total Space | 15.19 Gb Free Space | 23.47% Space Free | Partition Type: NTFS
Drive D: | 45.25 Gb Total Space | 11.27 Gb Free Space | 24.92% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 20.62 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 199.73 Gb Total Space | 135.51 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Drive I: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive J: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Computer Name: CSC2
Current User Name: S Chung
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/02/28 12:34:57 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\ \Downloadz\OTL.exe
PRC - [2010/02/12 05:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/27 16:12:17 | 000,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/17 17:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/07/24 20:02:47 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/14 22:28:30 | 000,167,936 | ---- | M] (Renura Enterprises Pty Ltd) -- C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe
PRC - [2009/03/01 10:36:35 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/26 16:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files\PC-TV\WinManager\WinManager.exe
PRC - [2007/09/15 00:55:02 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/10/01 13:24:48 | 000,135,168 | ---- | M] () -- C:\Program Files\DNTV Scheduler Pro\wrapper.exe
PRC - [2003/05/08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
========== Modules (SafeList) ==========
MOD - [2010/02/28 12:34:57 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\ \Downloadz\OTL.exe
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 12:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2003/05/08 11:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (ssrcc)
SRV - File not found [Auto | Stopped] -- -- (msrvc)
SRV - File not found [Auto | Running] -- -- (DNTVSchedulerPro)
SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/05 02:52:57 | 001,228,208 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/27 16:12:17 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/24 20:02:47 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca0c3d8ecb7ade) Google Update Service (gupdate1ca0c3d8ecb7ade)
SRV - [2009/07/24 20:01:43 | 000,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/01 10:36:35 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2007/09/15 00:55:02 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/09/14 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/04/06 14:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 09 BF 1B B6 9D CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginen ame: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.3.s
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.share_proxy_set tings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 22:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 18:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 18:47:09 | 000,000,000 | ---D | M]
[2009/11/24 18:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Extensions
[2010/02/26 21:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions
[2010/01/25 15:06:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/24 18:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\[email protected]
[2010/02/02 18:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\SkipScreen@SkipScreen
[2010/02/02 18:52:32 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\searchplugins\ask.uk.xml
[2010/02/26 21:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 22:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/02/04 19:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: buttongenerator.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: wtso.net ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\S Chung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\S Chung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/07 00:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/07 00:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/25 06:13:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646d-cd3c-40f4-97b9-cd9e4e6262ef} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89b4c1cd-b018-4511-b0a1-5476dbf70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
========== Files/Folders - Created Within 14 Days ==========
[2010/02/27 15:24:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/27 10:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/02/25 19:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
[2010/02/25 19:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 18:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/25 17:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
[2010/02/23 22:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/02/23 22:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/02/23 16:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\MegaLeecher
[2010/02/22 18:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/02/19 18:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 18:58:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 19:44:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/17 22:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/16 21:18:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\S Chung\Recent
[2010/02/16 19:51:11 | 000,126,976 | ---- | C] (Adavanced Systems ) -- C:\WINDOWS\System32\tton.ocx
[2010/02/16 17:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Mid Recorder
[2006/12/09 11:08:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/04/07 00:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/04/07 00:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/04/07 00:03:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/02/28 12:32:57 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/28 12:32:26 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/28 12:32:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/28 12:31:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/28 12:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/28 12:31:18 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/28 01:07:24 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
[2010/02/28 01:07:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
[2010/02/27 22:35:18 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/27 21:51:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/27 17:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/27 17:44:12 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\MATHS PROBLEMS Part 4.doc
[2010/02/27 15:06:17 | 003,873,931 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/02/27 12:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/27 10:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 22:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
[2010/02/26 22:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 17:28:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/26 17:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/25 21:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 18:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 18:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
[2010/02/24 21:44:38 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
[2010/02/24 21:25:19 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
[2010/02/24 21:20:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
[2010/02/23 11:11:28 | 000,085,797 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/22 20:02:53 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
[2010/02/21 22:12:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2010/02/21 20:37:49 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
[2010/02/19 18:58:44 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
[2010/02/18 19:55:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/18 19:44:43 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/02/16 21:19:15 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
[2010/02/16 20:48:20 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 20:48:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2010/02/16 18:50:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
[2010/02/16 17:44:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\AudioMidRecorder.INI
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
-
[2010/02/27 17:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/27 15:06:08 | 003,873,931 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/02/27 11:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/27 10:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 22:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 17:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/26 16:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/25 20:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 18:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
[2010/02/25 18:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/25 17:10:13 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/24 21:44:37 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
[2010/02/24 21:20:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
[2010/02/23 22:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 22:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 21:46:38 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\MATHS PROBLEMS Part 4.doc
[2010/02/22 20:01:06 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
[2010/02/22 19:28:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
[2010/02/21 22:12:13 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
[2010/02/21 19:08:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
[2010/02/19 18:58:44 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
[2010/02/18 19:44:43 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2010/02/16 20:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 20:48:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2010/02/16 20:48:05 | 000,033,982 | ---- | C] () -- C:\WINDOWS\System32\flk-icon.ico
[2010/02/16 18:50:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
[2010/02/16 17:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/02/15 21:41:01 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
[2010/01/26 14:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/25 16:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/15 15:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
[2009/12/14 19:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
[2009/11/24 21:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/23 22:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/26 22:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/10/24 20:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/09/11 11:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/24 20:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 16:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
[2009/06/22 20:49:58 | 000,004,904 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ypkpiykb.yyr
[2009/05/27 21:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
[2009/05/26 20:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/23 00:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009/05/23 00:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008/11/12 07:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/05 22:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/10/12 09:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2008/10/12 09:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/10/12 09:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2008/10/12 09:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2008/07/03 18:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/03 18:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
[2008/01/28 22:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/10/22 20:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
[2007/09/08 18:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/08/04 22:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/04 22:26:05 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/30 16:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/27 18:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 21:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 21:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/06/15 20:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
[2007/06/14 22:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/29 09:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
[2004/11/29 09:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
[2004/11/28 15:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
[2004/11/28 15:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
[2004/08/04 11:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/08 23:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
========== LOP Check ==========
[2010/01/25 11:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2007/06/15 20:01:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2007/09/21 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Chaos Software
[2009/08/27 21:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/03/17 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Graboid Inc
[2007/11/05 13:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2009/10/31 11:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nexon
[2008/08/04 18:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
[2007/06/20 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\pixelStorm
[2009/06/08 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2010/01/26 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
[2010/01/25 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
[2010/01/25 16:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanWizard
[2010/02/28 12:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/10/02 14:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
[2009/10/15 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/02/18 19:44:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/11/25 22:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
[2010/01/29 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
[2010/01/25 17:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
[2010/01/23 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
[2009/11/26 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
[2009/12/14 14:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
[2009/11/19 21:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
[2010/01/25 16:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
[2010/01/26 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
[2009/11/20 10:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
[2010/02/28 01:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/02/18 19:55:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< c:\$recycle.bin\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-26 05:41:04
-
< MD5 for: AGP440.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\autochk.exe
[2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 23:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: BEEP.SYS >
[2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
[2007/06/13 22:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: IMM32.DLL >
[2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\imm32.dll
[2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 23:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
< MD5 for: KERNEL32.DLL >
[2007/04/17 03:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2004/08/04 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\kernel32.dll
[2009/03/22 00:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
< MD5 for: LOGEVENT.DLL >
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
< MD5 for: MSWSOCK.DLL >
[2008/06/21 04:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\mswsock.dll
[2008/06/21 04:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
< MD5 for: NDIS.SYS >
[2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ndis.sys
[2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 23:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NTFS.SYS >
[2007/02/09 22:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntfs.sys
[2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 23:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2004/08/04 23:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
< MD5 for: NTMSSVC.DLL >
[2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntmssvc.dll
[2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 23:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
< MD5 for: PROQUOTA.EXE >
[2004/08/04 23:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\proquota.exe
[2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
< MD5 for: QMGR.DLL >
[2004/08/04 23:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\qmgr.dll
[2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SFCFILES.DLL >
[2004/08/04 23:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\sfcfiles.dll
[2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
< MD5 for: SPOOLSV.EXE >
[2004/08/04 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2004/08/04 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/11 11:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\spoolsv.exe
[2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
< MD5 for: SRSVC.DLL >
[2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\srsvc.dll
[2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 23:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\svchost.exe
[2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TERMSRV.DLL >
[2004/08/04 23:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\termsrv.dll
[2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
< MD5 for: USERINIT.EXE >
[2004/08/04 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
[2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WS2_32.DLL >
[2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ws2_32.dll
[2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 23:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< MD5 for: XMLPROV.DLL >
[2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\xmlprov.dll
[2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 23:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
< %systemroot%\system32\*.dll /lockedfiles >
[2007/09/15 01:06:12 | 000,356,352 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
-
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB867282\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB873333\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB885250\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB887742\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB888113\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB890047\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB890175\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB893066\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB896422\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB896424\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB899589\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB905915\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB911567\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB912812\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB912919\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB913446\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB916281\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB917159\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB917422\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB918899\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB920214\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB921398\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB921883\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB922616\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB922760\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB923694\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB925454\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB925486\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB928090\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB929120\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB929338\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB931768\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB969059\KB969059] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB971486\KB971486] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB973525\KB973525] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB974112\KB974112] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB974571\KB974571] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB975025\KB975025] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$hf_mig$\KB975467\KB975467] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\.file_store_32\.file_store_32] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\assembly\tmp\tmp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\BBSTORE\DSS\DSS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Config\Config] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Connection Wizard\Connection Wizard] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d1\d1] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d2\d2] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d3\d3] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d4\d4] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d5\d5] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d6\d6] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d7\d7] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\CSC\d8\d8] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Debug\WPD\WPD] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ftpcache\ftpcache] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\chsime\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\CHTIME\Applets\Applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imejp98\imejp98] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imjp8_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\applets\applets] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\imkr6_1\dicts\dicts] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\ime\shared\res\res] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Media\java\classes\classes] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Media\java\trustlib\trustlib] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\msapps\msinfo\msinfo] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\BATCH\BATCH] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\Config\News\News] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\System\DFS\DFS] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\pchealth\helpctr\Temp\Temp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\PIF\PIF] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Registration\CRMLog\CRMLog] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\setup.pss\setup.pss] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\Sun\Java\Deployment\Deployment] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\SxsCaPendDel\SxsCaPendDel] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\InstallTemp\58143\58143] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2] -> \Device\__max++>\^ -> Mount Point
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217] -> \Device\__max++>\^ -> Mount Point
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C46995DA
@Alternate Data Stream - 260 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:66633281
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0888F409
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FB1B13D8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0C232DFB
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B63300D1
< End of report >
-
Please run OTL.exe.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\system32\dllcache\atapi.sys /replace
:Folders
C:\Documents and Settings\S Chung\Application Data\Error Fix
:otl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 09 BF 1B B6 9D CA 01 [binary data]
O15 - HKCU\..Trusted Domains: buttongenerator.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: wtso.net ([www] http in Trusted sites)
- Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
============
Do you have a proxy server enabled on both Internet Explorer or Firefox?
I am talking about these entries:
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.share_proxy_set tings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
If you do not recognize these entries, please let me know.
==========
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
ssrcc*
msrvc*
*error fix*
:folderfind
ssrcc*
msrvc*
*error fix*
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
--
Please make sure the OTL and SystemLook logs are posted in your next reply. Also, please tell me if the redirects continue, and if you know about those proxy servers.
-
OTL doesn't have a light green bar but OTS does.
& with the proxy thing I used to have one called INvisible Browsing but deleted it already.
-
Ok. Well do the fixes, please. Post the logs back here. Thanks.
-
Error: Unable to interpret <========== FILES ==========> in the current context!
Error: Unable to interpret <Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with C:\WINDOWS\system32\dllcache\atapi.sys without a reboot.> in the current context!
Error: Unable to interpret <Error: Unable to interpret <:Folders> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <C:\Documents and Settings\S Chung\Application Data\Error Fix> in the current context!> in the current context!
Error: Unable to interpret <========== OTL ==========> in the current context!
Error: Unable to interpret <HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!> in the current context!
Error: Unable to interpret <Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buttongenerator.com\ deleted successfully.> in the current context!
Error: Unable to interpret <Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wtso.net\www\ deleted successfully.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.1.30.3 log created on 03022010_185718> in the current context!
Error: Unable to interpret <Files\Folders moved on Reboot...> in the current context!
Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!
OTL by OldTimer - Version 3.1.30.3 log created on 03022010_190603
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:16 on 02/03/2010 by S Chung (Administrator - Elevation successful)
========== filefind ==========
Searching for "ssrcc*"
No files found.
Searching for "msrvc*"
No files found.
Searching for "*error fix*"
No files found.
========== folderfind ==========
Searching for "ssrcc*"
No folders found.
Searching for "msrvc*"
No folders found.
Searching for "*error fix*"
C:\Documents and Settings\S Chung\Application Data\Error Fix d----- [05:56 25/01/2010]
C:\Program Files\Error Fix d----- [05:56 25/01/2010]
-=End Of File=-
& i still got the redirect problem
-
Oh & sorry about double post but u may delete that proxy stuff if it doesn't harm my system.
-
- Download Win32kDiag from any of the following locations and save it to your Desktop.
- Download Win32kDiag (Win32kDiag.exe) - #1 (http://ad13.geekstogo.com/Win32kDiag.exe)
- Download Win32kDiag (Win32kDiag.exe) - #2 (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe)
- Download Win32kDiag (Win32kDiag.exe) - #3 (http://rootrepeal.psikotick.com/Win32kDiag.exe)
- Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
- When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
- Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
-
Running from: C:\Documents and Settings\S Chung\Desktop\ \Downloadz\Win32kDiag.exe
Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB867282\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB873333\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB885250\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB887742\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB888113\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890047\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB890175\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB893066\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896422\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB896424\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB905915\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB911567\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912919\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB913446\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB917159\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB917422\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB920214\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB921398\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB921883\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922616\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB923694\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB925486\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929120\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\.file_store_32\.file_store_32
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\BBSTORE\DSS\DSS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\WPD\WPD
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Media\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Media\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\setup.pss\setup.pss
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\58143\58143
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217
Mount point destination : \Device\__max++>\^
Finished!
-
You got a pretty bad rootkit there. ::)
We need to run the tool with the following command to fix some malware related changes.
Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:
"%userprofile%\desktop\win32kdiag.exe" -f -r
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
-
2 parts
Running from: C:\Documents and Settings\S Chung\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB867282\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB867282\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB873333\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB873333\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB885250\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB885250\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB887742\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB887742\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB888113\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB888113\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB890047\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890047\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB890175\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB890175\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB893066\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB893066\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB896422\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB896422\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB896424\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB896424\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB899589\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB899589\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB905915\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB905915\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB911567\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB911567\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912812\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB912919\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB912919\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB913446\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB913446\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB916281\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB917159\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB917159\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB917422\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB917422\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB918899\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB918899\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB920214\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB920214\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB921398\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB921398\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB921883\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB921883\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB922616\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922616\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB922760\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB922760\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB923694\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB923694\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB925454\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925454\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB925486\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB925486\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB928090\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB928090\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB929120\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB929120\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB929338\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB929338\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE
Found mount point : C:\WINDOWS\$hf_mig$\KB931768\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB931768\update\update
Found mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB969059\KB969059
Found mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB971486\KB971486
Found mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB973525\KB973525
Found mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB974112\KB974112
Found mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8
Found mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB974571\KB974571
Found mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB975025\KB975025
Found mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB975467\KB975467
Found mount point : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst
Found mount point : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst
Found mount point : C:\WINDOWS\.file_store_32\.file_store_32
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\.file_store_32\.file_store_32
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0
Found mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\BBSTORE\DSS\DSS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\BBSTORE\DSS\DSS
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d1\d1
Found mount point : C:\WINDOWS\CSC\d2\d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d2\d2
Found mount point : C:\WINDOWS\CSC\d3\d3
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d3\d3
Found mount point : C:\WINDOWS\CSC\d4\d4
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d4\d4
-
Found mount point : C:\WINDOWS\CSC\d5\d5
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d5\d5
Found mount point : C:\WINDOWS\CSC\d6\d6
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d6\d6
Found mount point : C:\WINDOWS\CSC\d7\d7
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d7\d7
Found mount point : C:\WINDOWS\CSC\d8\d8
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\CSC\d8\d8
Found mount point : C:\WINDOWS\Debug\WPD\WPD
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Debug\WPD\WPD
Found mount point : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}
Found mount point : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ftpcache\ftpcache
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Found mount point : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}
Found mount point : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Found mount point : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}
Found mount point : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Found mount point : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Found mount point : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}
Found mount point : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Found mount point : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}
Found mount point : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Found mount point : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Found mount point : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}
Found mount point : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}
Found mount point : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}
Found mount point : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}
Found mount point : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Found mount point : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
Found mount point : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}
Found mount point : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Found mount point : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Media\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Media\java\classes\classes
Found mount point : C:\WINDOWS\Media\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Media\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas
Found mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}
Found mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}
Found mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}
Found mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}
Found mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}
Found mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}
Found mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}
Found mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}
Found mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}
Found mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System
Found mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}
Found mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\setup.pss\setup.pss
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\setup.pss\setup.pss
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\58143\58143
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\58143\58143
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217
Finished!
-
Good job. ;D
- Please download maxlook (http://noahdfear.net/downloads/maxlook.exe) and save the file to your desktop.
- Double click maxlook.exe to run it. Note - you must run it only once!
- As instructed when the tool runs, restart the computer and logon to the Recovery Console.
- Start the Recovery Console directly from the Windows XP CD by do the following:
- Insert the Windows XP cd in your computer.
- Restart your computer so you are booting off of the CD.
- When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
- The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
- It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this (http://www.bleepingcomputer.com/tutorials/tutorial117.html#password).
- If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
- Type the following bolded command at the C:\windows> prompt and press Enter: batch look.bat
- You will see "1 file(s) copied" many times then return to the c:\windows> prompt.
- Type Exit and press Enter to restart your computer then logon in normal mode.
- Please run maxlook.exe again now. Note - you must run it only once!
- It will produce looklog.txt on the desktop.
- Please post the results here.
-
I have 2 XP CD Packs, i don't know which one i used to install windows. does it matter?
-
Place each of them in the drive and boot from it. If you are allowed to press R for repair, then that is the one.
-
Can u help me with something b4 i do that, i got the BSOD again and ran Who Crashed
Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\WINDOWS\Minidump
Crash dumps are enabled on your computer.
On Fri 5/03/2010 11:55:06 PM your computer crashed
This was likely caused by the following module: ntoskrnl.exe
Bugcheck code: 0x50 (0xE146ACF8, 0x1, 0x804DAAB5, 0x1)
Error: PAGE_FAULT_IN_NONPAGED_AREA
Dump file: C:\WINDOWS\Minidump\Mini030610-01.dmp
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
1 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
-
The infection spawned that blue screen. If you do not get that Recovery Console ready to do the infection removal soon, the computer will become unbootable.
-
Run from C:\Documents and Settings\S Chung\Desktop\maxlook.exe on Sat 06/03/2010 at 15:50:50.04
No infected file found
-
Please re-run Win32kDiag and post a log.
-
Running from: C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Finished!
Oh & HELP ME!, my Antivirus, Reg Mechanic, anti-spyware & Combat Arms can't access the interent/update.
-
Re-run ComboFix and post a log, please.
-
After running combofix, the PC reset and this came up.
7/03/2010 9:31:46 PM C:\WINDOWS\system32\drivers\atapi.sys [L] Win32:Alureon-FQ (0)
File was successfully moved to chest...
From Avast.
& my Combofix folder went spaz. Look at picture
[Saving space, attachment deleted by admin]
-
*censored* DUDE!
I can't boot up my PC, it keeps on reseting itself when it reaches the choose the OS system part. I CAN ONLY BOOT OFF MY WINDOWS CD & AM TALKING TO U VIA ANOTHER PC
-
Silly avast.
First
ISOBurner (http://www.ntfs.com/iso-burning.htm) this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions (http://www.ntfs.com/iso_burner_free.htm)
Second
- Download OTLPE.iso (http://oldtimer.geekstogo.com/OTLPE.iso) and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
- When downloaded double click and this will then open ISOBurner to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
- Your system should now display a REATOGO-X-PE desktop.
- Double-click on the OTLPE icon.
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start. Change the following settings
- Change Drivers to Non-Microsoft
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\_OTL\MovedFiles
- Copy this file to your USB drive if you do not have internet connection on this system
- Please post the contents of the OTL.txt file in your reply.
[/list]
-
OTL logfile created on: 3/9/2010 7:57:49 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.74 Gb Total Space | 15.68 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (ssrcc)
SRV - File not found [Auto] -- -- (msrvc)
SRV - File not found [Auto] -- -- (DNTVSchedulerPro)
SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (Trufos)
DRV - File not found [Kernel | Boot] -- -- (TfSysMon)
DRV - File not found [Kernel | On_Demand] -- -- (TfNetMon)
DRV - File not found [Kernel | Boot] -- -- (TfFsMon)
DRV - File not found [Kernel | System] -- -- (SuperMounter)
DRV - File not found [Kernel | On_Demand] -- -- (rootrepeal)
DRV - File not found [Kernel | On_Demand] -- -- (Profos)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot] -- -- (Lbd)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (gagp440p)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand] -- -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand] -- -- (bdfdll)
DRV - [2010/02/16 04:48:18 | 000,017,984 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/02 23:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/07 00:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/11/22 16:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/22 16:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/22 16:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/08 19:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/27 20:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/07/28 05:49:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/02/15 09:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/12/18 08:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/11/16 11:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/28 04:57:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/09/23 18:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/06/24 00:10:52 | 000,449,664 | R--- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/01/23 23:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2008/01/23 23:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2008/01/23 23:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2008/01/23 23:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/01/23 00:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/12/09 10:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/08/09 06:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 06:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/08/03 07:39:32 | 000,020,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LwAdiHid.sys -- (lwadihid) Logitech WingMan Digital Devices(Auto-Detect)
DRV - [2004/07/19 09:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2004/05/06 22:12:23 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
[2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/03/06 23:37:54 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010/03/06 23:37:54 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/03/06 23:37:54 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010/03/06 23:37:53 | 014,188,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010/03/06 23:37:53 | 003,633,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010/03/06 23:37:53 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010/03/06 23:37:53 | 000,397,312 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010/03/06 23:37:53 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010/03/06 23:37:53 | 000,301,568 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/03/06 23:37:53 | 000,180,224 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010/03/06 23:37:53 | 000,159,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010/03/06 23:37:53 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010/03/06 23:37:53 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
[2010/03/06 23:37:53 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010/03/06 23:37:53 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010/03/06 23:37:53 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010/03/06 23:37:53 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010/03/06 23:37:53 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/06 23:18:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/03/06 23:18:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2010/03/06 23:18:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/03/06 23:18:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2010/03/06 23:18:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/03/06 23:18:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2010/03/06 23:18:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/03/06 23:18:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2010/03/06 23:18:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/03/06 23:18:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2010/03/06 23:18:23 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/03/06 23:18:23 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2010/03/06 23:18:23 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/03/06 23:18:23 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2010/03/06 23:18:23 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/03/06 23:18:23 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2010/03/06 23:18:22 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/03/06 23:18:22 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2010/03/06 23:18:22 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/03/06 23:18:22 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
[2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
[2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/02/25 03:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
[2010/02/25 03:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 02:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/25 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
[2010/02/23 06:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/02/23 06:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/02/23 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\MegaLeecher
[2010/02/22 02:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/02/19 02:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/19 02:58:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/19 02:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/17 06:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/16 05:18:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\S Chung\Recent
[2010/02/16 03:51:11 | 000,126,976 | ---- | C] (Adavanced Systems ) -- C:\WINDOWS\System32\tton.ocx
[2010/02/16 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Mid Recorder
[2010/02/13 00:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\dvdcss
[2010/02/12 06:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\vlc
[2010/02/11 06:24:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\S Chung\My Documents\My Music
[2010/02/11 01:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/02/10 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\AVS4YOU
[2010/02/10 06:09:27 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2010/02/10 05:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\Adobe Programs
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
-
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/09 19:54:17 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
[2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
[2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
[2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
[2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
[2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
[2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
[2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
[2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
[2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
[2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
[2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
[2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/25 05:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 02:59:28 | 000,009,654 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
[2010/02/25 02:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 02:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
[2010/02/24 05:44:38 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
[2010/02/24 05:25:19 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
[2010/02/24 05:20:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
[2010/02/22 19:11:28 | 000,085,797 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/22 04:02:53 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
[2010/02/21 04:37:49 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
[2010/02/19 02:58:44 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
[2010/02/18 02:58:58 | 000,093,174 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100218_185746.reg
[2010/02/16 05:19:15 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
[2010/02/16 05:17:51 | 000,009,036 | -HS- | M] () -- C:\WINDOWS\System32\sys_drv.dat
[2010/02/16 05:17:51 | 000,006,024 | -HS- | M] () -- C:\WINDOWS\System32\sys_drv_2.dat
[2010/02/16 05:17:36 | 000,000,990 | -HS- | M] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
[2010/02/16 04:48:20 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 04:48:18 | 000,017,984 | ---- | M] () -- C:\WINDOWS\System32\WinFLdrv.sys
[2010/02/16 04:48:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2010/02/16 02:50:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
[2010/02/16 01:44:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/02/13 19:36:30 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\M Chung\ntuser.dat.rmbak
[2010/02/13 00:25:01 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Women drivers are safer than men drivers.doc
[2010/02/12 05:54:34 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Fraps.lnk
[2010/02/12 00:54:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/12 00:43:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/11 13:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/11 01:58:49 | 000,004,690 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100211_175828.reg
[2010/02/10 05:22:10 | 000,007,292 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100210_212206.reg
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/25 04:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 02:59:11 | 000,009,654 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
[2010/02/25 02:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
[2010/02/25 02:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/24 05:44:37 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
[2010/02/24 05:20:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
[2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/22 05:46:38 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
[2010/02/22 04:01:06 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
[2010/02/22 03:28:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
[2010/02/21 03:08:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
[2010/02/19 02:58:44 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
[2010/02/18 02:57:48 | 000,093,174 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100218_185746.reg
[2010/02/16 04:48:23 | 000,009,036 | -HS- | C] () -- C:\WINDOWS\System32\sys_drv.dat
[2010/02/16 04:48:23 | 000,006,024 | -HS- | C] () -- C:\WINDOWS\System32\sys_drv_2.dat
[2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
[2010/02/16 04:48:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
[2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
[2010/02/16 04:48:05 | 000,033,982 | ---- | C] () -- C:\WINDOWS\System32\flk-icon.ico
[2010/02/16 02:50:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
[2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/02/15 05:41:01 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
[2010/02/13 00:25:00 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Women drivers are safer than men drivers.doc
[2010/02/11 01:58:30 | 000,004,690 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100211_175828.reg
[2010/02/10 05:22:07 | 000,007,292 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100210_212206.reg
[2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
[2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
[2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
[2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
[2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
[2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
[2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
[2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
[2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
[2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
[2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
[2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
[2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
========== LOP Check ==========
[2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
[2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
[2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
[2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
[2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
[2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
[2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
[2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
[2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
[2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
[2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
[2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
[2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
[2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
[2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
[2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
[2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
[2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
[2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
[2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
[2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
[2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
[2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
< End of report >
-
Open OTLPE
In the Custom Scans box, place in the following then press Quick Scan:
/md5start
atapi.sys
iastor.sys
explorer.exe
lsass.exe
/md5stop
Post the log in your next reply.
-
OTL logfile created on: 3/10/2010 6:12:51 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive J: | 3.75 Gb Total Space | 1.64 Gb Free Space | 43.63% Space Free | Partition Type: FAT32
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (ssrcc)
SRV - File not found [Auto] -- -- (msrvc)
SRV - File not found [Auto] -- -- (DNTVSchedulerPro)
SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
[2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
[2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
[2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
[2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2010/02/25 03:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
[2010/02/25 03:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 02:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/25 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/09 20:21:14 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
[2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
[2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
[2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
[2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
[2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
[2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
[2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
[2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
[2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
[2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
[2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
[2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/25 05:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 02:59:28 | 000,009,654 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
[2010/02/25 02:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/25 02:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/25 04:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
[2010/02/25 02:59:11 | 000,009,654 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
[2010/02/25 02:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
[2010/02/25 02:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
[2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
[2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
[2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
[2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
[2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
[2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
[2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
[2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
[2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
[2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
[2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
[2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
[2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
[2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
========== LOP Check ==========
[2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
[2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
[2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
[2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
[2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
[2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
[2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
[2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
[2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
[2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
[2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
[2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
[2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
[2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
[2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
[2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
[2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
[2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
[2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
[2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
[2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
[2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
[2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=2A7506584BB54EB87CA6F1BCF1DBBE15 -- C:\WINDOWS\maxdriver\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ComboFix\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: LSASS.EXE >
[2004/08/04 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\lsass.exe
[2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
< End of report >
-
Can u get my XP working soon, i sorta needa do my skool work ;D
-
Open OTLPE
In the Custom Scans box, place in the following then press Quick Scan:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
Post the log in your next reply.
-
OTL logfile created on: 3/11/2010 5:03:03 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive J: | 3.75 Gb Total Space | 1.63 Gb Free Space | 43.45% Space Free | Partition Type: FAT32
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (ssrcc)
SRV - File not found [Auto] -- -- (msrvc)
SRV - File not found [Auto] -- -- (DNTVSchedulerPro)
SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
[2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/24 14:13:42 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646d-cd3c-40f4-97b9-cd9e4e6262ef} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89b4c1cd-b018-4511-b0a1-5476dbf70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
========== Files/Folders - Created Within 14 Days ==========
[2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
[2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
[2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
[2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/10 20:21:20 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
[2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
[2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
[2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
[2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
[2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
[2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
[2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
[2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
[2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
[2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
[2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
[2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
-
[2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
[2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
[2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
[2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
[2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
[2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
[2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
[2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
[2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
[2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
[2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
[2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
[2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
[2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
[2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
[2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
[2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
[2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
[2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
[2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
[2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
========== LOP Check ==========
[2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
[2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
[2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
[2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
[2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
[2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
[2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
[2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
[2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
[2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
[2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
[2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
[2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
[2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
[2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
[2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
[2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
[2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
[2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
[2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
[2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
[2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
[2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
< c:\$recycle.bin\*.* /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-07 06:57:23
< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\maxdriver\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=2A7506584BB54EB87CA6F1BCF1DBBE15 -- C:\WINDOWS\maxdriver\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ComboFix\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: BEEP.SYS >
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\maxdriver\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 07:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
< MD5 for: LOGEVENT.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\maxdriver\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\maxdriver\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 07:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
< MD5 for: PROQUOTA.EXE >
[2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
< MD5 for: QMGR.DLL >
[2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SFCFILES.DLL >
[2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
< MD5 for: SPOOLSV.EXE >
[2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TERMSRV.DLL >
[2004/08/04 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 07:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/20 12:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2009/12/21 14:14:02 | 011,070,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2009/12/21 14:14:03 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 19:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 19:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
-
Please run OTLPE.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\system32\eventlog.dll|C:\WINDOWS\ServicePackFiles\i386\eventlog.dll /replace
- Return to OTLPE, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTLPE
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
-
========== FILES ==========
File C:\WINDOWS\system32\eventlog.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
OTLPE by OldTimer - Version 3.1.35.0 log created on 03122010_162834
When will my PC be able to boot from XP again?
-
Did you try it? Try it real quick.
-
When it gets to here..... the computer restarts.
[Saving space, attachment deleted by admin]
-
Oh ok.
Open OTLPE, place the following in and hit quick scan:
/md5start
userinit.exe
netlogon.dll
/md5stop
Post the log.
-
OTL logfile created on: 3/13/2010 4:17:23 PM - Run
OTLPE by OldTimer - Version 3.1.35.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
Drive J: | 3.75 Gb Total Space | 1.63 Gb Free Space | 43.45% Space Free | Partition Type: FAT32
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (ssrcc)
SRV - File not found [Auto] -- -- (msrvc)
SRV - File not found [Auto] -- -- (DNTVSchedulerPro)
SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
[2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
[2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
[2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
[2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
[2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
[2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/12 16:28:51 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
[2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
[2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
[2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
[2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
[2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
[2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
[2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
[2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
[2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
[2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
[2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
[2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
[2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
[2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
[32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
[2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
[2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
[2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
[2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
[2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
[2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
[2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
[2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
[2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
[2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
[2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
[2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
[2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
[2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
[2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
[2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
[2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
[2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
[2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
[2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
[2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
[2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
[2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
[2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
[2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
[2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
[2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
[2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
[2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
[2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
[2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
========== LOP Check ==========
[2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
[2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
[2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
[2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
[2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
[2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
[2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
[2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
[2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
[2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
[2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
[2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
[2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
[2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
[2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
[2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
[2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
[2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
[2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
[2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
[2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
[2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
[2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< End of report >
-
Can u sorta hurry up a bit.... All i wanted is to remove the redirect problem and instead I get a PC which can't even load XP anymore...
I would've prefered a PC which actually works but has a virus over one which doesn't. So I don't care if u just restore everything to what it was earlier, even if it has a rootkit. I just want my XP working.
-
Umm... the rootkit shut your computer down. So, if you were not to get help like this, then your PC would have eventually not have booted anymore.
You're going to need a program called TestDisk (http://"http://www.cgsecurity.org/wiki/TestDisk"). It's a free and open source disk recovery program.
Step 1: Download the TestDisk executable here: Download (http://"http://www.cgsecurity.org/testdisk-6.11.3.win.zip") and save it to a flash drive.
Step 2: On the Reatogo desktop, extract the downloaded zip file using your favorite archive extractor.
Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
Step 4: You will now be at a scary looking text-based command window:
(http://www.cgsecurity.org/mw/images/Create_log.gif)
Press Enter here to create a new log file.
Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:
(http://www.cgsecurity.org/mw/images/Select_disk_update.gif)
You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.
Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.
With /dev/sda selected, press Enter
Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).
(http://www.cgsecurity.org/mw/images/Partition_table_type.gif)
Press Enter.
Step 7: Select Analyse and press Enter.
(http://www.cgsecurity.org/mw/images/Menus.gif)
Quit TestDisk by pressing Q. Post me the testdisk log please (it can be found in the win folder).
-
======== EDIT ========
Don't worry about this. I don't know how to delete this post.
-
:-\ I Hope i did this right:
Tue Mar 16 22:57:05 2010
Command line: TestDisk
TestDisk 6.11.3, Data Recovery Utility, May 2009
Christophe GRENIER <[email protected]>
http://www.cgsecurity.org
OS: Windows XP
Compiler: GCC 4.3, Cygwin 1005.25 - May 6 2009 20:35:43
ext2fs lib: 1.41.4, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sda)=160040803840
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdb)=1000203804160
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdc)=2019557376
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive0)=160040803840
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive1)=1000203804160
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive2)=2019557376
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\C:)=69511809024
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\D:)=114027024384
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\E:)=48586728960
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\F:)=41940702720
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\G:)=214457725440
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\H:)=318392363520
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\I:)=353325127680
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\J:)=2015363072
disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\X:)=290244608
file_pread(4,1,buffer,312592769(19457/254/63)) lseek err Invalid argument
file_pread(5,1,buffer,1953536129(121601/254/63)) lseek err Invalid argument
file_pread(6,1,buffer,3951989(245/254/63)) lseek err Invalid argument
Hard disk list
Disk /dev/sda - 160 GB / 149 GiB - CHS 19457 255 63, sector size=512 - WDC WD1600JD-00HBB0
Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63, sector size=512 - SAMSUNG HD103UJ
Disk /dev/sdc - 2019 MB / 1926 MiB - CHS 245 255 63, sector size=512 - JetFlash Transcend 2GB
Drive X: - 290 MB / 276 MiB - CHS 69 64 32, sector size=2048 - PIONEER DVD-RW DVR-109
Partition table type (auto): Intel
Disk /dev/sda - 160 GB / 149 GiB - WDC WD1600JD-00HBB0
Partition table type: Intel
Analyse Disk /dev/sda - 160 GB / 149 GiB - CHS 19457 255 63
Geometry from i386 MBR: head=255 sector=63
NTFS at 0/1/1
NTFS at 8451/0/1
NTFS at 14358/0/1
get_geometry_from_list_part_aux head=255 nbr=6
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=6
Current partition structure:
1 * HPFS - NTFS 0 1 1 8450 254 63 135765252 [MAIN]
2 P HPFS - NTFS 8451 0 1 14357 254 63 94895955 [GAMES]
3 P HPFS - NTFS 14358 0 1 19456 254 63 81915435 [PHOTOS]
-
Ok. I hope this will work now.
Please run OTLPE.
- Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ERDNT\cache\atapi.sys /replace
:commands
[reboot]
- Return to OTLPE, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTLPE
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Then, let me know if it can boot.
-
The OTLPE won't close unless I select YES to reboot. After I Click YES it won't reboot, or do I needa wait like 1 hour or something?
-
Did you try to manually reboot?
-
After manual reset, it still can't boot :(
-
Try the fix once more, and attempt a reboot again, please.
-
same result as above :'(
-
YEEESSSS!!!!! :D
I got it to boot up again. Heres how I did it. When i turned it on, I pressed F8 to load up the Safe Mode, Safe Mode with Networking menu thing. Then I selected Boot with Last Known Working Settings and it booted up normally. Then I ran the OTL thing and replaced it and reset and now it works :D
Now can u help me with updating my Malwarebytes. It comes up with this:
[Saving space, attachment deleted by admin]
-
I changed antiviruses so that wouldn't happen again to Avira Antivir
Also should I be worried by this:
[Saving space, attachment deleted by admin]
-
Good job. ;D
1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility (http://www.malwarebytes.org/mbam-clean.exe).
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button).
Open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
-
The thing is I can't access the Malwarebytes site or the Superantispyware. It comes up with Problem Loading Page. I'll download MBclean from another PC
Malwarebytes did not update.
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21/03/2010 4:20:06 PM
mbam-log-2010-03-21 (16-20-06).txt
Scan type: Quick Scan
Objects scanned: 174234
Time elapsed: 9 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
My new antivirus: Avira Antivira detected atapi.sys as a malware.
Heres log:
Avira AntiVir Personal
Report file date: Sunday, 21 March 2010 21:37
Scanning for 1879445 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : S Chung
Computer name : CSC2
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 00:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/26/2009 23:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 00:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/26/2009 23:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 20:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 02:30:46
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 02:31:00
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 02:31:06
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 02:31:19
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 02:31:19
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 02:31:21
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 02:31:21
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 02:31:25
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 02:31:25
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 02:31:25
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 02:31:26
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 02:31:26
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 02:31:28
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 02:31:29
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 02:31:31
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 02:31:32
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 02:31:35
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 02:31:36
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 02:31:43
VBASE020.VDF : 7.10.5.139 2048 Bytes 3/18/2010 02:31:43
VBASE021.VDF : 7.10.5.140 2048 Bytes 3/18/2010 02:31:44
VBASE022.VDF : 7.10.5.141 2048 Bytes 3/18/2010 02:31:45
VBASE023.VDF : 7.10.5.142 2048 Bytes 3/18/2010 02:31:45
VBASE024.VDF : 7.10.5.143 2048 Bytes 3/18/2010 02:31:45
VBASE025.VDF : 7.10.5.144 2048 Bytes 3/18/2010 02:31:46
VBASE026.VDF : 7.10.5.145 2048 Bytes 3/18/2010 02:31:47
VBASE027.VDF : 7.10.5.146 2048 Bytes 3/18/2010 02:31:47
VBASE028.VDF : 7.10.5.147 2048 Bytes 3/18/2010 02:31:47
VBASE029.VDF : 7.10.5.148 2048 Bytes 3/18/2010 02:31:48
VBASE030.VDF : 7.10.5.149 2048 Bytes 3/18/2010 02:31:48
VBASE031.VDF : 7.10.5.155 59392 Bytes 3/19/2010 02:31:50
Engineversion : 8.2.1.196
AEVDF.DLL : 8.1.1.3 106868 Bytes 3/21/2010 02:32:20
AESCRIPT.DLL : 8.1.3.18 1024378 Bytes 3/21/2010 02:32:19
AESCN.DLL : 8.1.5.0 127347 Bytes 3/21/2010 02:32:15
AESBX.DLL : 8.1.2.1 254323 Bytes 3/21/2010 02:32:22
AERDL.DLL : 8.1.4.3 541043 Bytes 3/21/2010 02:32:14
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/21/2010 02:32:12
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/21/2010 02:32:06
AEHEUR.DLL : 8.1.1.13 2470262 Bytes 3/21/2010 02:32:04
AEHELP.DLL : 8.1.10.2 237941 Bytes 3/21/2010 02:31:55
AEGEN.DLL : 8.1.3.2 373108 Bytes 3/21/2010 02:31:54
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/7/2009 20:38:26
AECORE.DLL : 8.1.12.3 188789 Bytes 3/21/2010 02:31:51
AEBB.DLL : 8.1.0.3 53618 Bytes 11/7/2009 20:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/11/2008 21:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 04:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 3/21/2010 02:32:23
AVREG.DLL : 9.0.0.0 36609 Bytes 12/4/2008 23:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 04:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/29/2009 23:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 04:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/1/2009 21:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/4/2008 23:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 04:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 01:25:47
Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Sunday, 21 March 2010 21:37
Starting search for hidden objects.
c:\windows\system32\sys_drv.dat
[INFO] The file is not visible.
[NOTE] A backup was created as '4c18f7de.qua' ( QUARANTINE )
c:\windows\system32\sys_drv_2.dat
[INFO] The file is not visible.
[NOTE] A backup was created as '4d9266d7.qua' ( QUARANTINE )
c:\windows\system32\winfldrv.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4c13f7ce.qua' ( QUARANTINE )
c:\documents and settings\s chung\application data\systemfl.$dk
[INFO] The file is not visible.
[NOTE] A backup was created as '4d961717.qua' ( QUARANTINE )
'68161' objects were checked, '4' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'WinManager.exe' - '1' Module(s) have been scanned
Scan process 'wrapper.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DNTVSchedulerProTray.exe' - '1' Module(s) have been scanned
Scan process 'ForceField.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '69' files ).
Starting the file scan:
Begin scan in 'C:\' <MAIN>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\S Chung\Desktop\ \Downloadz\zaSetup_91_007_002_en.exe
- Archive type: ZIP SFX (self extracting)
--> SWITCHUNINST_44ZONE LABS.EXE
[1] Archive type: RSRC
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archive type: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\maxdriver\atapi.sys
[DETECTION] Is the TR/Patched.Gen Trojan
Beginning disinfection:
C:\WINDOWS\maxdriver\atapi.sys
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to '4c070349.qua'!
End of the scan: Sunday, 21 March 2010 22:28
Used time: 50:34 Minute(s)
The scan has been done completely.
13146 Scanned directories
564106 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
564103 Files not concerned
4673 Archives were scanned
3 Warnings
7 Notes
68161 Objects were scanned with rootkit scan
4 Hidden objects were found
-
I already knew that. :P
Luckily it did not detect the legit one (C:\windows\system32\atapi.sys)
That is the same infection that is continually giving the Google Redirects. Let's put its book on the shelf. ;D
- Please download maxlook (http://noahdfear.net/downloads/maxlook.exe) and save the file to your desktop.
- Double click maxlook.exe to run it. Note - you must run it only once!
- As instructed when the tool runs, restart the computer and logon to the Recovery Console.
- Start the Recovery Console directly from the Windows XP CD by do the following:
- Insert the Windows XP cd in your computer.
- Restart your computer so you are booting off of the CD.
- When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
- The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
- It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this (http://www.bleepingcomputer.com/tutorials/tutorial117.html#password).
- If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
- Type the following bolded command at the C:\windows> prompt and press Enter: batch look.bat
- You will see "1 file(s) copied" many times then return to the c:\windows> prompt.
- Type Exit and press Enter to restart your computer then logon in normal mode.
- Please run maxlook.exe again now. Note - you must run it only once!
- It will produce looklog.txt on the desktop.
- Please post the results here.
-
um... ok? Maxlook didn't ask me to reset. INstead it popped up like this:
Run from C:\Documents and Settings\S Chung\Desktop\maxlook.exe on Mon 22/03/2010 at 18:38:21.93
No infected file found
atapi.sys has gone missing!
avgntdd.sys has gone missing!
avgntflt.sys has gone missing!
avgntmgr.sys has gone missing!
avipbb.sys has gone missing!
ssmdrv.sys has gone missing!
-
Ok. Do not reboot your computer until I tell you to. MaxLook did not reboot, because atapi.sys is missing apparently. (If you accidentally shut it down or reboot, your computer may not boot anymore)
Let's do this and replace it:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
atapi.sys
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 18:07 on 23/03/2010 by S Chung (Administrator - Elevation successful)
========== filefind ==========
Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [22:21 24/10/2009] [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [08:26 04/02/2010] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys ------ 96512 bytes [22:05 24/10/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys --a--c 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [12:00 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [12:00 04/08/2004] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
-=End Of File=-
-
Ok. That is clean.
How is your computer running at this point?
-
atm fine. Just my Reg Mechanic, Superantispyware & Malwarebytes cant update.
-
Please download A-Squared HiJackFree from here (http://download2.emsisoft.com/a2HiJackFreeSetup.exe) and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
Then, click the following: (http://img36.imageshack.us/img36/2536/asquared.jpg)
Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.
-
I ran combofix again and it found something and my programs update now! ;D
ComboFix 10-03-23.03 - S Chung 24/03/2010 16:08:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1461 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\eSellerateEngine.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-24 to 2010-03-24 )))))))))))))))))))))))))))))))
.
2010-03-22 10:46 . 2010-03-22 10:46 10134 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{D679B939-2FF1-58DE-40E0-4876F5C482A5}\ARPPRODUCTICON.exe
2010-03-21 23:56 . 2010-03-21 23:56 -------- d-----w- C:\_OTL
2010-03-21 04:55 . 2010-01-07 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 04:55 . 2010-03-21 04:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 04:55 . 2010-01-07 05:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 03:57 . 2010-03-21 03:57 -------- d-----w- c:\documents and settings\S Chung\Application Data\Ahead
2010-03-21 02:28 . 2010-03-22 04:53 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-21 02:28 . 2009-03-29 22:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-21 02:28 . 2009-02-13 00:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-21 02:28 . 2009-02-13 00:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-21 02:28 . 2010-03-21 02:28 -------- d-----w- c:\program files\Avira
2010-03-21 02:28 . 2010-03-21 02:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2010-03-21 00:03 . 2010-03-21 00:03 -------- d-----w- c:\documents and settings\S Chung\Application Data\CheckPoint
2010-03-21 00:03 . 2010-03-21 00:03 -------- d-----w- c:\program files\CheckPoint
2010-03-21 00:03 . 2009-11-22 04:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-03-21 00:03 . 2009-11-22 04:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-03-21 00:03 . 2009-11-22 04:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-03-20 22:51 . 2009-12-16 03:42 43008 ----a-w- c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-20 22:51 . 2009-12-16 03:42 340480 ----a-w- c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-20 22:51 . 2009-12-16 03:42 872960 ----a-w- c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-20 22:51 . 2009-12-16 03:41 346624 ----a-w- c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-20 22:47 . 2010-03-20 22:47 -------- d-sh--w- c:\documents and settings\M Chung\IECompatCache
2010-03-18 05:13 . 2010-03-07 19:31 549888 ----a-r- C:\OTLPE.exe
2010-03-12 21:28 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2010-03-07 04:47 . 2010-03-07 04:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-03-07 04:36 . 2010-03-07 04:36 -------- d-----w- C:\ATI
2010-03-07 04:17 . 2010-03-07 04:17 -------- d-----w- c:\program files\Phyxion.net
2010-03-07 03:09 . 2010-03-07 03:09 10134 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-03-06 04:41 . 2010-03-06 04:50 -------- d-----w- c:\windows\maxdriver
2010-03-04 07:39 . 2010-03-06 01:28 -------- d-----w- c:\documents and settings\S Chung\Application Data\mIRC
2010-03-02 10:46 . 2010-03-02 10:46 52224 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-02 09:08 . 2010-03-02 09:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-03-02 09:08 . 2010-03-02 09:08 -------- d-----w- c:\windows\system32\drivers\NSS
2010-03-02 09:08 . 2010-03-02 09:08 -------- d-----w- c:\program files\Norton Security Scan
2010-03-02 09:08 . 2010-03-02 09:08 -------- d-----w- c:\program files\NortonInstaller
2010-03-02 09:08 . 2010-03-02 09:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
2010-03-01 11:14 . 2010-02-19 08:31 31936 ----a-w- c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-03-01 11:14 . 2010-02-19 08:31 29344 ----a-w- c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-27 04:40 . 2010-02-27 04:40 -------- d-----w- c:\documents and settings\CS Chung\Application Data\Logitech
2010-02-26 23:36 . 2010-03-06 00:16 -------- d-----w- c:\program files\WhoCrashed
2010-02-23 11:21 . 2010-02-23 11:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-03-02 09:05 -------- d-----w- c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58 -------- d-----w- c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-03-21 03:34 -------- d-----w- c:\documents and settings\S Chung\Application Data\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 05:00 . 2007-11-11 03:37 1591648 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-03-24 04:57 . 2007-06-21 11:13 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-03-21 04:55 . 2009-11-19 10:05 -------- d-----w- c:\documents and settings\S Chung\Application Data\Malwarebytes
2010-03-21 04:55 . 2009-10-25 01:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-03-21 04:40 . 2010-01-26 03:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-21 00:08 . 2010-01-26 01:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-21 00:07 . 2009-06-07 06:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-21 00:03 . 2007-06-14 11:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-03-07 04:47 . 2009-11-19 10:05 -------- d-----w- c:\documents and settings\S Chung\Application Data\ATI
2010-03-07 04:41 . 2010-03-07 04:37 -------- d-----w- c:\program files\ATI Technologies
2010-03-07 04:37 . 2010-03-07 04:37 -------- d-----w- c:\program files\ATI
2010-03-06 01:15 . 2009-11-09 09:16 -------- d-----w- c:\program files\mIRC
2010-03-06 00:17 . 2008-04-25 05:16 -------- d-----w- c:\program files\Lavasoft
2010-03-06 00:17 . 2007-11-05 03:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-03-03 06:40 . 2005-04-10 12:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-02 10:46 . 2010-01-26 01:28 65024 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-03-02 10:46 . 2010-01-26 01:28 5120 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-03-02 09:08 . 2007-06-14 11:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-03-02 09:05 . 2007-10-30 07:51 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-01 11:22 . 2008-11-02 09:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NOS
2010-02-27 06:25 . 2007-11-20 10:21 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-27 05:20 . 2009-11-27 05:41 -------- d-----w- c:\documents and settings\S Chung\Application Data\Skype
2010-02-27 04:40 . 2007-06-14 11:46 149440 ----a-w- c:\documents and settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-26 10:53 . 2009-07-02 01:31 -------- d-----w- c:\program files\DivX
2010-02-26 10:53 . 2009-05-22 11:46 -------- d-----w- c:\program files\AskBarDis
2010-02-25 09:57 . 2009-07-31 12:26 -------- d-----w- c:\program files\CamStudio
2010-02-23 11:20 . 2009-07-02 01:31 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-23 07:43 . 2008-08-03 09:07 401408 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07 765952 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-22 07:22 . 2010-02-11 06:29 -------- d-----w- c:\program files\uTorrent
2010-02-21 11:12 . 2008-09-02 07:30 -------- d-----r- c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-17 09:29 . 2010-01-26 01:28 117760 ----a-w- c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-16 09:48 . 2010-02-16 09:48 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-02-16 06:54 . 2010-02-16 06:37 -------- d-----w- c:\program files\Audio Mid Recorder
2010-02-16 06:35 . 2007-08-25 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03 -------- d-----w- c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15 -------- d-----w- c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06 -------- d-----w- c:\program files\Spyware Doctor
2010-02-13 08:37 . 2010-02-12 11:04 -------- d-----w- c:\documents and settings\S Chung\Application Data\vlc
2010-02-13 05:29 . 2010-02-13 05:29 -------- d-----w- c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-10 11:12 . 2010-02-10 11:12 -------- d-----w- c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-07 16:41 . 2010-02-07 16:41 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-02-04 20:09 . 2010-02-04 20:09 503808 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09 348160 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09 499712 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09 61440 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09 12800 ----a-w- c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:04 . 2007-06-17 06:59 149440 ----a-w- c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 20:04 . 2010-02-04 20:04 -------- d-----w- c:\documents and settings\M Chung\Application Data\Logitech
2010-02-03 11:32 . 2008-08-23 11:04 -------- d-----w- c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52 -------- d-----w- c:\program files\Java
2010-02-03 04:52 . 2007-09-14 14:04 4605952 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-02-03 04:12 . 2010-03-07 04:37 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-02-03 04:12 . 2010-03-07 04:37 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-02-03 04:10 . 2010-03-07 04:37 3633152 ----a-w- c:\windows\system32\aticaldd.dll
2010-02-03 04:07 . 2010-03-07 04:37 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-02-03 04:02 . 2010-03-07 04:37 14188544 ----a-w- c:\windows\system32\atioglxx.dll
2010-02-03 03:50 . 2004-05-07 03:16 3566048 ----a-w- c:\windows\system32\ati3duag.dll
2010-02-03 03:40 . 2010-03-07 04:37 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-02-03 03:39 . 2010-03-07 04:37 301568 ----a-w- c:\windows\system32\ati2dvag.dll
2010-02-03 03:35 . 2004-05-07 03:16 2176640 ----a-w- c:\windows\system32\ativvaxx.dll
2010-02-03 03:34 . 2010-03-07 04:37 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-02-03 03:34 . 2010-03-07 04:37 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-02-03 03:32 . 2010-03-07 04:37 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2010-02-03 03:23 . 2010-03-07 04:37 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-02-03 03:23 . 2010-03-07 04:37 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-02-03 03:23 . 2010-03-07 04:37 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-02-03 03:23 . 2010-03-07 04:37 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-02-03 03:22 . 2010-03-07 04:37 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-02-03 03:21 . 2010-03-07 04:37 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-02-03 03:19 . 2010-03-07 04:37 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-02-03 03:19 . 2010-03-07 04:37 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-02-03 03:18 . 2010-03-07 04:37 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-02-03 03:18 . 2010-03-07 04:37 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-03 03:17 . 2010-03-07 04:37 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-02-03 03:15 . 2010-03-07 04:37 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-02-03 03:12 . 2010-03-07 04:37 180224 ----a-w- c:\windows\system32\atiadlxx.dll
2010-02-03 03:12 . 2010-03-07 04:37 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-02-03 03:06 . 2004-05-07 03:15 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-02-02 08:37 . 2005-04-06 13:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01 -------- d-----w- c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03 -------- d-----w- c:\program files\Common Files\Macromedia
2010-02-02 08:20 . 2010-02-02 08:19 -------- d-----w- c:\program files\Hypersnap
2010-01-29 07:54 . 2010-01-18 04:54 -------- d-----w- c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54 -------- d-----w- c:\program files\Auslogics
2010-01-28 10:32 . 2010-01-28 10:32 -------- d-----w- c:\program files\New Folder
2010-01-28 10:02 . 2009-07-23 10:26 -------- d-----w- c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44 149440 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 07:11 . 2010-01-28 07:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-28 07:03 . 2010-01-28 07:03 9158 ----a-r- c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-27 05:12 . 2008-07-03 07:37 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12 -------- d-----w- c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12 -------- d-----w- c:\program files\Common Files\Logitech
2010-01-26 11:20 . 2010-01-26 11:20 -------- d-----w- c:\program files\Realtek AC97
2010-01-26 09:29 . 2010-01-26 09:29 -------- d-----w- c:\program files\Driver-Soft
2010-01-26 04:16 . 2010-01-26 04:16 -------- d-----w- c:\documents and settings\S Chung\Application Data\Simply Super Software
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00 23 --sh--r- c:\windows\mtlid64s2.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloads\\utorrent(2).exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/03/2010 1:28 PM 108289]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/10/2009 12:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/10/2009 12:30 AM 476528]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 SuperMounter;SuperMounter;
S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;
S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
2010-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]
2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]
2010-03-21 c:\windows\Tasks\Install_NSS.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-01 11:20]
2010-03-21 c:\windows\Tasks\Norton Security Scan for S Chung.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-03-02 09:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-VLC media player - k:\my computer\My Videos\VLC Media Player\VLC\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 16:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 4
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="System32\Drivers\atapi.svs"
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
- - - - - - - > 'lsass.exe'(876)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2010-03-24 16:27:42
ComboFix-quarantined-files.txt 2010-03-24 05:27
ComboFix2.txt 2010-02-25 07:51
Pre-Run: 13,737,954,816 bytes free
Post-Run: 13,862,326,272 bytes free
- - End Of File - - 103B9726A1F4ECD5CDE9533D4614239E
-
That isn't much. Let's check out the HOSTS file. I think it is blocking the sites you cannot go to. (SuperAntiSpyware MBAM etc)
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky (http://telecharger.kaspersky.fr/GSI/GetSystemInfo.exe) and save it to your Desktop.
(http://www.spywareinfoforum.com/style_images/ip.boardpr/folder_post_icons/icon13.gif) Please close all other applications running on your system.
Please double click GetSystemInfo.exe to open it.
Click the Settings button.(http://i40.tinypic.com/2hd457o.gif)
(http://i41.tinypic.com/34gul1w.gif)
Set it to Maximum
(http://i41.tinypic.com/2n9gldh.gif)
(http://www.spywareinfoforum.com/style_images/ip.boardpr/folder_post_icons/icon13.gif) IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
Click Create Report to run it.(http://i44.tinypic.com/2ekm73m.gif)
It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser (http://www.getsysteminfo.com) and click the Submit button.
Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
-
http://www.getsysteminfo.com/read.php?file=209b3cdc36893b21932b2fb7be8c726f
btw for future GetSystemInfo's for other ppl, it auto uploads to Kaspersky GSI Parser
-
Please download OTM (http://oldtimer.geekstogo.com/OTM.exe)
- Save it to your desktop.
- Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\system32\caacedfedaadeca.dll
C:\WINDOWS\system32\DNT1.dll
C:\WINDOWS\system32\DNT2.dll
C:\WINDOWS\system32\DNT3.dll
C:\WINDOWS\system32\DNT4.dll
C:\WINDOWS\system32\OOD2KBS.exe
C:\WINDOWS\system32\ood2kmsg.dll
C:\WINDOWS\system32\OODCSPRO.dll
:commands
[purity]
[emptytemp]
[reboot]- Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and
open the newest .log file present, and copy/paste the contents of that document back here in your next post.
-
All processes killed
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\caacedfedaadeca.dll
C:\WINDOWS\system32\caacedfedaadeca.dll moved successfully.
C:\WINDOWS\system32\DNT1.dll moved successfully.
C:\WINDOWS\system32\DNT2.dll moved successfully.
C:\WINDOWS\system32\DNT3.dll moved successfully.
C:\WINDOWS\system32\DNT4.dll moved successfully.
C:\WINDOWS\system32\OOD2KBS.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ood2kmsg.dll
C:\WINDOWS\system32\ood2kmsg.dll moved successfully.
C:\WINDOWS\system32\OODCSPRO.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: All Users.WINDOWS
User: CS Chung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297067 bytes
->Java cache emptied: 19431866 bytes
->FireFox cache emptied: 41971127 bytes
->Flash cache emptied: 4577 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 67015797 bytes
->Flash cache emptied: 1487 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService.NT AUTHORITY
->Temp folder emptied: 1984776 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 4360068 bytes
User: M Chung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297723 bytes
->Java cache emptied: 67034502 bytes
->FireFox cache emptied: 48346844 bytes
->Flash cache emptied: 40412 bytes
User: MSOCache
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService.NT AUTHORITY
->Temp folder emptied: 1985080 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes
User: S Chung
->Temp folder emptied: 1430880 bytes
->Temporary Internet Files folder emptied: 10899199 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58731322 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 9101 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 21466278 bytes
%systemroot%\System32 .tmp files removed: 5786641 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1040547 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 337.00 mb
OTM by OldTimer - Version 3.1.10.1 log created on 03252010_191021
Files moved on Reboot...
C:\Documents and Settings\S Chung\Local Settings\Temp\~DF4ED.tmp moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\XUL.mfl moved successfully.
File C:\WINDOWS\temp\ZLT0042f.TMP not found!
Registry entries deleted on Reboot...
-
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
-
it's taking a really long time =.= aka. 5% after 30 mins
-
Post the log when done.
-
ok... it screws up. It ends up saying something like: No File. Windows has failed writing. i tried it 2 times
-
Try a different one.
Please do a scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Click on the Accept button and install any components it needs.- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
-
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 29, 2010 21:36:02
Records in database: 3898164
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 242308
Threats found 1
Infected objects found 2
Suspicious objects found 0
Scan duration 06:09:41
File name Threat Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe.bak Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
Selected area has been scanned.
Took so long =.=
-
Clean. ;D
-
ty ;)
for ur help. My windows login startup is faster :P
-
You're welcome.