Author Topic: Google Redirect  (Read 49188 times)

Kerjifire

  • Guest
Google Redirect
« on: February 24, 2010, 03:48:08 AM »
Whenever I click on a link, Google redirects me to random sites. I read about people's atapi.sys being infected.

This is my log 1/40 for the scan
http://www.virustotal.com/analisis/b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9-1267008170
« Last Edit: February 24, 2010, 04:22:50 AM by Kerjifire »

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Google Redirect
« Reply #1 on: February 24, 2010, 07:47:05 AM »
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #2 on: February 24, 2010, 11:38:40 PM »
The ComboFix won't load, like the green blocks reach the end, but the blue Cmd screen doesn't pop up ???, oh & I forgot to mention that my Malwarebytes, Super-Antispyware & Ad-aware free are not updating

Kerjifire

  • Guest
Re: Google Redirect
« Reply #3 on: February 25, 2010, 12:55:47 AM »
Sorry about the double post, but I loaded ComboFix for around 1 hr & it finally worked, but I'm still getting redirects. Here's my log

ComboFix 10-02-24.03 - S Chung 25/02/2010  18:33:34.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1494 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ \Downloadz\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\S Chung\Application Data\.#
c:\windows\system32\spool\prtprocs\w32x86\00002642.tmp
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
(((((((((((((((((((((((((   Files Created from 2010-01-25 to 2010-02-25  )))))))))))))))))))))))))))))))
.

2010-02-23 11:21 . 2010-02-23 11:21   --------   d-----w-   c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16   819200   ----a-w-   c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-02-23 11:16   --------   d-----w-   c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58   --------   d-----w-   c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-02-24 12:04   --------   d-----w-   c:\documents and settings\S Chung\Application Data\uTorrent
2010-02-19 07:58 . 2010-01-07 05:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:58 . 2010-02-19 07:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:58 . 2010-01-07 05:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-18 08:44 . 2010-02-18 08:44   --------   dc-h--w-   c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 08:44 . 2010-02-04 15:53   2954656   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 08:30 . 2010-02-18 08:30   15880   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-18 08:29 . 2010-02-18 08:29   163728   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-18 08:29 . 2010-02-18 08:29   327000   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-18 08:29 . 2010-02-18 08:29   87496   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-16 09:48 . 2010-02-16 09:48   180224   ----a-w-   c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48   7680   ----a-w-   c:\windows\system32\WinFLsrv.exe
2010-02-16 06:37 . 2010-02-16 06:54   --------   d-----w-   c:\program files\Audio Mid Recorder
2010-02-13 05:29 . 2010-02-13 05:29   --------   d-----w-   c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-12 11:04 . 2010-02-13 08:37   --------   d-----w-   c:\documents and settings\S Chung\Application Data\vlc
2010-02-11 06:29 . 2010-02-22 07:22   --------   d-----w-   c:\program files\uTorrent
2010-02-10 11:12 . 2010-02-10 11:12   --------   d-----w-   c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-10 11:09 . 2008-08-13 00:22   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
2010-02-09 11:13 . 2010-02-17 09:39   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\Adobe
2010-02-09 11:13 . 2010-02-09 11:13   --------   d-----w-   c:\program files\Common Files\Adobe
2010-02-07 16:41 . 2010-02-07 16:41   86016   ----a-w-   c:\windows\system32\frapsvid.dll
2010-02-06 11:20 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-02-06 11:20 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-02-06 11:20 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-02-06 11:20 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-02-06 11:20 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-02-06 11:20 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-02-06 11:20 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-02-06 11:19 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-02-06 11:19 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
2010-02-04 20:09 . 2010-02-04 20:09   503808   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09   348160   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09   499712   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09   61440   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09   12800   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:08 . 2010-02-04 20:08   --------   d-----w-   c:\documents and settings\M Chung\Local Settings\Application Data\Symantec
2010-02-04 20:04 . 2010-02-04 20:04   --------   d-----w-   c:\documents and settings\M Chung\Application Data\Logitech
2010-02-02 08:19 . 2010-02-02 08:20   --------   d-----w-   c:\program files\Hypersnap
2010-01-29 11:38 . 2010-01-29 11:38   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\RapidSolution
2010-01-28 10:32 . 2010-01-28 10:32   --------   d-----w-   c:\program files\New Folder
2010-01-28 09:46 . 2010-01-28 09:46   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-01-28 09:05 . 2010-01-28 09:05   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-01-28 08:44 . 2007-09-14 10:05   593920   ------w-   c:\windows\system32\ati2sgag.exe
2010-01-28 08:33 . 2010-01-28 08:33   --------   d-----w-   c:\program files\ATI
2010-01-28 07:03 . 2010-01-28 07:03   9158   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-28 07:03 . 2010-01-28 07:11   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2010-01-26 21:20 . 2010-01-26 21:20   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\Logitech
2010-01-26 11:20 . 2006-08-01 04:02   49152   ----a-w-   c:\windows\system32\ChCfg.exe
2010-01-26 11:20 . 2010-01-26 11:20   --------   d-----w-   c:\program files\Realtek AC97
2010-01-26 11:18 . 2009-12-14 01:33   53248   ----a-w-   c:\windows\system32\CSVer.dll
2010-01-26 09:29 . 2010-01-26 09:29   --------   d-----w-   c:\program files\Driver-Soft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 06:33 . 2007-06-21 11:13   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 11:28 . 2010-02-24 11:30   2971136   ----a-w-   c:\windows\Internet Logs\xDB2E.tmp
2010-02-24 11:28 . 2010-02-24 11:30   1784832   ----a-w-   c:\windows\Internet Logs\xDB2D.tmp
2010-02-23 11:21 . 2009-07-02 01:31   --------   d-----w-   c:\program files\DivX
2010-02-23 11:20 . 2009-07-02 01:31   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-23 10:37 . 2010-02-23 10:39   2961408   ----a-w-   c:\windows\Internet Logs\xDB2C.tmp
2010-02-23 10:37 . 2010-02-23 10:39   3003904   ----a-w-   c:\windows\Internet Logs\xDB2B.tmp
2010-02-23 07:43 . 2008-08-03 09:07   401408   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07   765952   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-21 11:15 . 2009-11-27 05:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Skype
2010-02-21 11:12 . 2008-09-02 07:30   --------   d-----r-   c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-21 10:37 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-02-18 08:44 . 2008-04-25 05:16   --------   d-----w-   c:\program files\Lavasoft
2010-02-18 08:30 . 2009-12-26 11:06   862040   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-18 08:30 . 2009-12-26 11:06   206944   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-18 08:30 . 2009-12-26 11:06   390288   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-18 08:29 . 2009-12-26 11:06   537576   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-18 08:29 . 2009-12-26 11:06   389784   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-18 08:29 . 2009-12-26 11:05   6296864   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-18 08:29 . 2009-12-26 11:05   933120   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 08:29 . 2010-01-23 08:44   3803208   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-18 08:29 . 2009-12-26 11:05   816784   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 08:29 . 2009-12-26 11:05   823928   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 08:29 . 2009-12-26 11:05   1643272   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 08:29 . 2009-12-26 11:05   788880   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 08:29 . 2009-12-26 11:05   1181328   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-17 09:29 . 2010-01-26 01:28   117760   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 09:28 . 2009-06-07 06:33   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-16 06:35 . 2007-08-25 04:54   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03   --------   d-----w-   c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15   --------   d-----w-   c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Spyware Doctor
2010-02-10 09:47 . 2010-02-10 09:48   1260032   ----a-w-   c:\windows\Internet Logs\xDB2A.tmp
2010-02-04 20:04 . 2007-06-17 06:59   149440   ----a-w-   c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:53 . 2009-12-26 11:07   64288   ----a-w-   c:\windows\system32\drivers\Lbd.sys
2010-02-03 11:32 . 2008-08-23 11:04   --------   d-----w-   c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Java
2010-02-02 08:37 . 2005-04-06 13:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01   --------   d-----w-   c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-01-29 07:54 . 2010-01-18 04:54   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54   --------   d-----w-   c:\program files\Auslogics
2010-01-28 10:02 . 2009-07-23 10:26   --------   d-----w-   c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44   149440   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 09:09 . 2009-10-25 04:12   --------   d-----w-   c:\program files\ATI Technologies
2010-01-27 05:12 . 2008-07-03 07:37   215104   ----a-w-   c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38   138576   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Common Files\Logitech
2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Simply Super Software
2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-01-26 03:06 . 2010-01-26 03:06   --------   d-----w-   c:\documents and settings\S Chung\Application Data\PC Tools
2010-01-26 01:32 . 2010-01-26 01:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-26 01:31 . 2010-01-26 01:31   52224   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 01:28 . 2010-01-26 01:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-26 01:28 . 2010-01-26 01:28   65024   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-26 01:28 . 2010-01-26 01:28   5120   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-26 01:28 . 2010-01-26 01:28   --------   d-----w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com
2010-01-25 11:41 . 2009-12-14 08:01   --------   d-----w-   c:\program files\Replay Music 3
2010-01-25 06:03 . 2010-01-25 05:56   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Error Fix
2010-01-25 06:02 . 2010-01-25 05:56   --------   d-----w-   c:\program files\Error Fix
2010-01-25 05:37 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Common Files\Java
2010-01-25 05:36 . 2010-01-25 05:36   61440   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-sse.dll
2010-01-25 05:36 . 2010-01-25 05:36   503808   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcp71.dll
2010-01-25 05:36 . 2010-01-25 05:36   499712   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\jmc.dll
2010-01-25 05:36 . 2010-01-25 05:36   348160   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcr71.dll
2010-01-25 05:36 . 2010-01-25 05:36   12800   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-d3d.dll
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\S Chung\Application Data\ScanSoft
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-01-25 05:03 . 2007-02-03 10:28   --------   d-----w-   c:\program files\Common Files\ScanSoft Shared
2010-01-25 04:58 . 2010-01-25 04:58   --------   d-----w-   c:\program files\ArcSoft
2010-01-25 04:56 . 2006-02-07 12:05   --------   d-----w-   c:\program files\Canon
2010-01-25 00:06 . 2010-01-24 10:55   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-24 23:46 . 2010-01-24 23:58   140288   ----a-w-   c:\windows\Internet Logs\xDB29.tmp
2010-01-24 10:55 . 2008-07-05 13:36   --------   d-----w-   c:\program files\Alwil Software
2010-01-23 08:34 . 2005-04-30 13:35   --------   d-----w-   c:\program files\QuickTime
2010-01-23 08:31 . 2008-12-08 03:22   --------   d-----w-   c:\program files\Common Files\Apple
2010-01-23 08:30 . 2008-08-18 08:54   --------   d-----w-   c:\program files\Apple Software Update
2010-01-23 00:41 . 2010-01-23 00:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Logitech
2010-01-23 00:38 . 2010-01-23 00:38   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Leadertech
2010-01-23 00:38 . 2009-05-26 08:25   --------   d-----w-   c:\program files\Common Files\Logishrd
2010-01-23 00:38 . 2009-05-26 08:27   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-01-23 00:36 . 2010-01-23 00:36   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2010-01-23 00:09 . 2010-01-23 00:11   2403840   ----a-w-   c:\windows\Internet Logs\xDB28.tmp
2010-01-22 23:33 . 2010-01-22 23:39   2400768   ----a-w-   c:\windows\Internet Logs\xDB27.tmp
2010-01-22 06:58 . 2010-01-22 07:38   2399744   ----a-w-   c:\windows\Internet Logs\xDB26.tmp
2010-01-22 06:58 . 2010-01-22 07:38   49664   ----a-w-   c:\windows\Internet Logs\xDB25.tmp
2010-01-22 05:17 . 2007-11-11 03:37   4828308   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
2010-01-21 05:10 . 2010-01-21 07:34   69120   ----a-w-   c:\windows\Internet Logs\xDB24.tmp
2010-01-20 22:07 . 2009-03-28 02:51   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-18 06:15 . 2010-01-18 06:17   2381312   ----a-w-   c:\windows\Internet Logs\xDB23.tmp
2010-01-18 06:15 . 2010-01-18 06:17   65024   ----a-w-   c:\windows\Internet Logs\xDB22.tmp
2010-01-17 03:38 . 2010-01-17 03:39   58880   ----a-w-   c:\windows\Internet Logs\xDB21.tmp
2010-01-16 08:21 . 2010-01-16 23:22   134656   ----a-w-   c:\windows\Internet Logs\xDB20.tmp
2009-12-31 16:50 . 2004-08-04 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-31 07:08 . 2009-12-31 07:08   10134   ----a-r-   c:\documents and settings\M Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2009-12-27 05:50 . 2009-12-28 00:52   204800   ----a-w-   c:\windows\Internet Logs\xDB1F.tmp
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00   23   --sh--r-   c:\windows\mtlid64s2.dat
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloadz\\utorrent(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/12/2009 10:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/02/2010 10:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/02/2010 10:20 PM 19024]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/02/2010 6:58 PM 236368]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/02/2010 6:58 PM 19160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 2:52 AM 1228208]
S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5adf3171372.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2010-02-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for S Chung.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-19 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: buttongenerator.com
Trusted Zone: wtso.net\www
TCP: {871466D7-BD14-429F-A174-40DED368A122} = 93.188.163.113,93.188.161.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 4

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A6278C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7483b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25  18:51:29
ComboFix-quarantined-files.txt  2010-02-25 07:51
ComboFix2.txt  2010-02-04 08:28

Pre-Run: 20,544,013,824 bytes free
Post-Run: 20,515,973,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="Unidentified operating system on drive C."

- - End Of File - - 338F557B0607EB00986C291F98BBD68B
« Last Edit: February 25, 2010, 01:13:17 AM by Kerjifire »

Dr Jay

Re: Google Redirect
« Reply #4 on: February 25, 2010, 07:56:12 AM »
Please download Cheetah-Anti-Rogue (http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip), and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #5 on: February 25, 2010, 10:48:26 PM »
Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 26/02/2010 - Time: 16:47:57 - Arch.: x86
 
 
-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware
 
 
-- Known infection --
 
 
 
Extra message: Detection only.
 
 
EOF

Dr Jay

Re: Google Redirect
« Reply #6 on: February 25, 2010, 11:03:39 PM »
Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #7 on: February 26, 2010, 01:14:20 AM »
My Malwarebytes won't update. Virus ???, oh & I got the BSOD when first starting the scan

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/02/2010 7:13:12 PM
mbam-log-2010-02-26 (19-13-12).txt

Scan type: Quick Scan
Objects scanned: 172933
Time elapsed: 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay

Re: Google Redirect
« Reply #8 on: February 26, 2010, 03:47:00 PM »
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
Put a tick in Accept then click on Next
Put a tick in the Don't create a start menu folder then click Next
Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
Click Analyze
It will want to download the Debugger and install it. Say Yes

WhoCrashed will create a report, but you have to scroll down to see it
Copy and paste it into your next reply
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #9 on: February 26, 2010, 04:38:11 PM »
Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Dr Jay

Re: Google Redirect
« Reply #10 on: February 26, 2010, 04:51:46 PM »
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
~Dr Jay

Kerjifire

  • Guest

Dr Jay

Re: Google Redirect
« Reply #12 on: February 27, 2010, 08:39:06 AM »
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #13 on: February 27, 2010, 09:41:24 PM »
It keeps on going Not Responding when I leave it for 15m alone.

Dr Jay

Re: Google Redirect
« Reply #14 on: February 27, 2010, 09:42:17 PM »
Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and
    choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry
     section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
    • Do NOT change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #15 on: March 01, 2010, 02:58:20 AM »
The txt file was in the folder but my OTL finished like this in the attachment.

[Saving space, attachment deleted by admin]

Dr Jay

Re: Google Redirect
« Reply #16 on: March 01, 2010, 11:58:53 AM »
Hi

Instead of attaching it, please copy and paste the report into about two replies here.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #17 on: March 01, 2010, 10:10:32 PM »
    OTL logfile created on: 28/02/2010 2:18:12 PM - Run 1
    OTL by OldTimer - Version 3.1.30.3     Folder = C:\Documents and Settings\S Chung\Desktop\ \Downloadz
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.74 Gb Total Space | 15.19 Gb Free Space | 23.47% Space Free | Partition Type: NTFS
    Drive D: | 45.25 Gb Total Space | 11.27 Gb Free Space | 24.92% Space Free | Partition Type: NTFS
    Drive E: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
    Drive F: | 39.06 Gb Total Space | 20.62 Gb Free Space | 52.78% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Drive H: | 199.73 Gb Total Space | 135.51 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
    Drive I: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
    Drive J: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
     
    Computer Name: CSC2
    Current User Name: S Chung
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan
     
    ========== Processes (SafeList) ==========
     
    PRC - [2010/02/28 12:34:57 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\ \Downloadz\OTL.exe
    PRC - [2010/02/12 05:53:42 | 002,756,488 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/01/27 16:12:17 | 000,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/12/17 17:14:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
    PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2009/07/24 20:02:47 | 000,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    PRC - [2009/03/14 22:28:30 | 000,167,936 | ---- | M] (Renura Enterprises Pty Ltd) -- C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe
    PRC - [2009/03/01 10:36:35 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
    PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/26 16:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files\PC-TV\WinManager\WinManager.exe
    PRC - [2007/09/15 00:55:02 | 000,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
    PRC - [2007/04/16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2004/10/01 13:24:48 | 000,135,168 | ---- | M] () -- C:\Program Files\DNTV Scheduler Pro\wrapper.exe
    PRC - [2003/05/08 11:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2010/02/28 12:34:57 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\ \Downloadz\OTL.exe
    MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009/07/20 12:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2003/05/08 11:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - File not found [Auto | Stopped] --  -- (ssrcc)
    SRV - File not found [Auto | Stopped] --  -- (msrvc)
    SRV - File not found [Auto | Running] --  -- (DNTVSchedulerPro)
    SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/02/12 05:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/02/05 02:52:57 | 001,228,208 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/01/27 16:12:17 | 000,215,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2009/07/24 20:02:47 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca0c3d8ecb7ade) Google Update Service (gupdate1ca0c3d8ecb7ade)
    SRV - [2009/07/24 20:01:43 | 000,190,448 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/03/01 10:36:35 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/08/29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
    SRV - [2007/09/15 00:55:02 | 000,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
    SRV - [2007/09/14 21:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
    SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2001/04/06 14:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page Restore =
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 09 BF 1B B6 9D CA 01  [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: [email protected]:0.3.1
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.3.s
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "127.0.0.1"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.no_proxies_on: "local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8080
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 22:33:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 18:47:10 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 18:47:09 | 000,000,000 | ---D | M]
     
    [2009/11/24 18:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Extensions
    [2010/02/26 21:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions
    [2010/01/25 15:06:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/11/24 18:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\[email protected]
    [2010/02/02 18:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\SkipScreen@SkipScreen
    [2010/02/02 18:52:32 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\searchplugins\ask.uk.xml
    [2010/02/26 21:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/06/08 22:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
     
    O1 HOSTS File: ([2010/02/04 19:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinManager.lnk = C:\Program Files\PC-TV\WinManager\WinManager.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: buttongenerator.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: wtso.net ([www] http in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\S Chung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\S Chung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/07 00:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/04/07 00:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*
     
    NetSvcs: 6to4 -  File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/25 06:13:42 | 000,000,000 | ---D | M]
    NetSvcs: Iprip -  File not found
    NetSvcs: Irmon -  File not found
    NetSvcs: NWCWorkstation -  File not found
    NetSvcs: Nwsapagent -  File not found
    NetSvcs: WmdmPmSp -  File not found
     
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 2
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0
     
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: WdfLoadGroup -
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PEVSystemStart - Service
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: procexp90.Sys - Driver
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
    SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SafeBootNet: WdfLoadGroup -
    SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
     
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646d-cd3c-40f4-97b9-cd9e4e6262ef} - .NET Framework
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89b4c1cd-b018-4511-b0a1-5476dbf70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
     
    Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
    Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
     
    ========== Files/Folders - Created Within 14 Days ==========
     
    [2010/02/27 15:24:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/02/27 10:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
    [2010/02/25 19:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
    [2010/02/25 19:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/02/25 18:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/25 17:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
    [2010/02/23 22:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
    [2010/02/23 22:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
    [2010/02/23 16:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\MegaLeecher
    [2010/02/22 18:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
    [2010/02/19 18:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/02/19 18:58:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/02/19 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/18 19:44:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/02/17 22:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/02/16 21:18:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\S Chung\Recent
    [2010/02/16 19:51:11 | 000,126,976 | ---- | C] (Adavanced Systems ) -- C:\WINDOWS\System32\tton.ocx
    [2010/02/16 17:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Mid Recorder
    [2006/12/09 11:08:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2005/04/07 00:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2005/04/07 00:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2005/04/07 00:03:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
     
    ========== Files - Modified Within 14 Days ==========
     
    [2010/02/28 12:32:57 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/02/28 12:32:26 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/02/28 12:32:06 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/02/28 12:31:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/28 12:31:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/02/28 12:31:18 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/28 01:07:24 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
    [2010/02/28 01:07:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
    [2010/02/27 22:35:18 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/27 21:51:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/27 17:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
    [2010/02/27 17:44:12 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\MATHS PROBLEMS Part 4.doc
    [2010/02/27 15:06:17 | 003,873,931 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
    [2010/02/27 12:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
    [2010/02/27 10:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
    [2010/02/26 22:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
    [2010/02/26 22:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
    [2010/02/26 17:28:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2010/02/26 17:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
    [2010/02/25 21:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
    [2010/02/25 18:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/25 18:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
    [2010/02/24 21:44:38 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
    [2010/02/24 21:25:19 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
    [2010/02/24 21:20:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
    [2010/02/23 11:11:28 | 000,085,797 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
    [2010/02/22 20:02:53 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
    [2010/02/21 22:12:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
    [2010/02/21 20:37:49 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
    [2010/02/19 18:58:44 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
    [2010/02/18 19:55:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/02/18 19:44:43 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/02/16 21:19:15 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
    [2010/02/16 20:48:20 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\WinVd32.sys
    [2010/02/16 20:48:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\WinFLsrv.exe
    [2010/02/16 18:50:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
    [2010/02/16 17:44:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\AudioMidRecorder.INI
    [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========

Kerjifire

  • Guest
Re: Google Redirect
« Reply #18 on: March 01, 2010, 10:12:24 PM »

    [2010/02/27 17:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
    [2010/02/27 15:06:08 | 003,873,931 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
    [2010/02/27 11:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
    [2010/02/27 10:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
    [2010/02/26 22:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
    [2010/02/26 17:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
    [2010/02/26 16:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
    [2010/02/25 20:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
    [2010/02/25 18:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
    [2010/02/25 18:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/25 17:10:13 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
    [2010/02/24 21:44:37 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
    [2010/02/24 21:20:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
    [2010/02/23 22:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/02/23 22:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/02/22 21:46:38 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\MATHS PROBLEMS Part 4.doc
    [2010/02/22 20:01:06 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
    [2010/02/22 19:28:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
    [2010/02/21 22:12:13 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Skype.lnk
    [2010/02/21 19:08:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
    [2010/02/19 18:58:44 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
    [2010/02/18 19:44:43 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
    [2010/02/16 20:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
    [2010/02/16 20:48:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
    [2010/02/16 20:48:05 | 000,033,982 | ---- | C] () -- C:\WINDOWS\System32\flk-icon.ico
    [2010/02/16 18:50:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
    [2010/02/16 17:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
    [2010/02/15 21:41:01 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
    [2010/01/26 14:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2010/01/25 16:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
    [2009/12/15 15:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
    [2009/12/14 19:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
    [2009/11/24 21:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
    [2009/11/23 22:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/10/26 22:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
    [2009/10/24 20:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
    [2009/09/11 11:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/24 20:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/07/04 16:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
    [2009/06/22 20:49:58 | 000,004,904 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ypkpiykb.yyr
    [2009/05/27 21:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
    [2009/05/26 20:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009/05/23 00:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
    [2009/05/23 00:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
    [2008/11/12 07:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/11/05 22:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2008/10/12 09:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
    [2008/10/12 09:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
    [2008/10/12 09:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
    [2008/10/12 09:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
    [2008/07/03 18:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2008/07/03 18:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
    [2008/01/28 22:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2007/10/22 20:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
    [2007/09/08 18:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2007/08/04 22:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2007/07/04 22:26:05 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/30 16:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2007/06/27 18:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/06/18 21:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/06/15 21:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2007/06/15 20:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
    [2007/06/14 22:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2004/11/29 09:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
    [2004/11/29 09:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
    [2004/11/28 15:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
    [2004/11/28 15:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
    [2004/08/04 11:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/07/08 23:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
     
    ========== LOP Check ==========
     
    [2010/01/25 11:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
    [2007/06/15 20:01:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
    [2007/09/21 18:03:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Chaos Software
    [2009/08/27 21:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
    [2009/03/17 20:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Graboid Inc
    [2007/11/05 13:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
    [2009/10/31 11:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nexon
    [2008/08/04 18:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS
    [2007/06/20 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\pixelStorm
    [2009/06/08 22:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
    [2010/01/26 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Simply Super Software
    [2010/01/25 16:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
    [2010/01/25 16:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SSScanWizard
    [2010/02/28 12:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
    [2009/10/02 14:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
    [2009/10/15 16:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
    [2010/02/18 19:44:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/11/25 22:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
    [2010/01/29 18:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
    [2010/01/25 17:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
    [2010/01/23 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
    [2009/11/26 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
    [2009/12/14 14:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
    [2009/11/19 21:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
    [2010/01/25 16:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
    [2010/01/26 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
    [2009/11/20 10:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
    [2010/02/28 01:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
    [2010/02/18 19:55:26 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
     
    < %SYSTEMDRIVE%\*.exe >
     
    < %systemroot%\*. /mp /s >
     
    < c:\$recycle.bin\*.* /s >
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-26 05:41:04

Kerjifire

  • Guest
Re: Google Redirect
« Reply #19 on: March 01, 2010, 10:14:01 PM »
    < MD5 for: AGP440.SYS  >
    [2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\agp440.sys
    [2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
     
    < MD5 for: ATAPI.SYS  >
    [2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/10/25 09:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
     
    < MD5 for: AUTOCHK.EXE  >
    [2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
    [2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
    [2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\autochk.exe
    [2008/04/14 11:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
    [2004/08/04 23:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
     
    < MD5 for: BEEP.SYS  >
    [2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
    [2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
    [2004/08/04 23:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
     
    < MD5 for: EVENTLOG.DLL  >
    [2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
    [2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
     
    < MD5 for: EXPLORER.EXE  >
    [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
    [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
    [2007/06/13 22:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    [2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
     
    < MD5 for: IMM32.DLL  >
    [2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
    [2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
    [2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\imm32.dll
    [2008/04/14 11:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
    [2004/08/04 23:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
     
    < MD5 for: KERNEL32.DLL  >
    [2007/04/17 03:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [2004/08/04 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
    [2004/08/04 23:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
    [2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
    [2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
    [2009/03/22 01:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
    [2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
    [2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
    [2008/04/14 11:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\kernel32.dll
    [2009/03/22 00:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
     
    < MD5 for: LOGEVENT.DLL  >
    [2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
     
    < MD5 for: MSWSOCK.DLL  >
    [2008/06/21 04:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
    [2004/08/04 23:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
    [2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
    [2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
    [2008/06/21 04:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
    [2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
    [2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
    [2008/04/14 11:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\mswsock.dll
    [2008/06/21 04:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
     
    < MD5 for: NDIS.SYS  >
    [2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
    [2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
    [2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ndis.sys
    [2008/04/14 06:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
    [2004/08/04 23:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
     
    < MD5 for: NETLOGON.DLL  >
    [2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
    [2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
     
    < MD5 for: NTFS.SYS  >
    [2007/02/09 22:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
    [2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
    [2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
    [2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntfs.sys
    [2008/04/14 06:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
    [2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
    [2004/08/04 23:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
    [2004/08/04 23:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
     
    < MD5 for: NTMSSVC.DLL  >
    [2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
    [2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
    [2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntmssvc.dll
    [2008/04/14 11:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
    [2004/08/04 23:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
     
    < MD5 for: PROQUOTA.EXE  >
    [2004/08/04 23:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
    [2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
    [2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\proquota.exe
    [2008/04/14 11:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
     
    < MD5 for: QMGR.DLL  >
    [2004/08/04 23:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
    [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
    [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
    [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\qmgr.dll
    [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
    [2008/04/14 11:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
     
    < MD5 for: SCECLI.DLL  >
    [2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\scecli.dll
    [2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
     
    < MD5 for: SFCFILES.DLL  >
    [2004/08/04 23:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
    [2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
    [2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
    [2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\sfcfiles.dll
    [2008/04/14 11:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
     
    < MD5 for: SPOOLSV.EXE  >
    [2004/08/04 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
    [2004/08/04 23:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
    [2005/06/11 11:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    [2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
    [2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
    [2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\spoolsv.exe
    [2008/04/14 11:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
     
    < MD5 for: SRSVC.DLL  >
    [2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
    [2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
    [2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\srsvc.dll
    [2008/04/14 11:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
    [2004/08/04 23:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
     
    < MD5 for: SVCHOST.EXE  >
    [2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
    [2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\svchost.exe
    [2008/04/14 11:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
     
    < MD5 for: TERMSRV.DLL  >
    [2004/08/04 23:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
    [2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
    [2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
    [2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\termsrv.dll
    [2008/04/14 11:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
     
    < MD5 for: USERINIT.EXE  >
    [2004/08/04 23:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
    [2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
    [2008/04/14 11:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
     
    < MD5 for: WS2_32.DLL  >
    [2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
    [2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
    [2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ws2_32.dll
    [2008/04/14 11:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [2004/08/04 23:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
     
    < MD5 for: XMLPROV.DLL  >
    [2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
    [2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
    [2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\xmlprov.dll
    [2008/04/14 11:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
    [2004/08/04 23:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
     
    < %systemroot%\system32\*.dll /lockedfiles >
    [2007/09/15 01:06:12 | 000,356,352 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
    [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     

Kerjifire

  • Guest
Re: Google Redirect
« Reply #20 on: March 01, 2010, 10:14:25 PM »
    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB867282\update\update] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB873333\update\update] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB885250\update\update] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE] -> \Device\__max++>\^ -> Mount Point
    [C:\WINDOWS\$hf_mig$\KB887742\update\update] -> \Device\__max++>\^ -> Mount Point
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C46995DA
    @Alternate Data Stream - 260 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:66633281
    @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0888F409
    @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:05EE1EEF
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:FB1B13D8
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0C232DFB
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0CE7F3C9
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:B63300D1
    < End of report >

    Dr Jay

    Re: Google Redirect
    « Reply #21 on: March 01, 2010, 11:12:16 PM »
    Please run OTL.exe.
    • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


      :files
      C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\system32\dllcache\atapi.sys /replace

      :Folders
      C:\Documents and Settings\S Chung\Application Data\Error Fix

      :otl
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 09 BF 1B B6 9D CA 01  [binary data]
      O15 - HKCU\..Trusted Domains: buttongenerator.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: wtso.net ([www] http in Trusted sites)


    • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

    • Click the red Run Fix button.
    • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTL.exe
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ============

    Do you have a proxy server enabled on both Internet Explorer or Firefox?

    I am talking about these entries:

    Quote
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.gopher: "127.0.0.1"
    FF - prefs.js..network.proxy.gopher_port: 8080
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.no_proxies_on: "local"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 8080
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8080
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

    If you do not recognize these entries, please let me know.

    ==========

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      :filefind
      ssrcc*
      msrvc*
      *error fix*

      :folderfind
      ssrcc*
      msrvc*
      *error fix*

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    --

    Please make sure the OTL and SystemLook logs are posted in your next reply. Also, please tell me if the redirects continue, and if you know about those proxy servers.
    ~Dr Jay
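
The proxy question in the reply above, worked as an added example that is not part of the original post: a small parser for the quoted OTL lines that reports which proxy endpoints point at loopback and whether each browser is actually set to use them. The function names are hypothetical, and the reading of Firefox's `network.proxy.type` (1 = manual proxy) is Firefox behaviour assumed here, not something shown in the log.

```python
import ipaddress
import re

# Constructed sample: the proxy lines quoted in the reply above.
SAMPLE_LOG = r'''
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
'''

FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+):\s*(?P<val>.+)$')
IE_RE = re.compile(r'^IE - HKCU\\.*\\Internet Settings:\s*"(?P<key>Proxy\w+)"\s*=\s*(?P<val>.*)$')
FF_PROTOCOLS = ('http', 'ssl', 'ftp', 'gopher', 'socks')


def parse_proxy_lines(text):
    """Split OTL proxy lines into Firefox prefs and IE registry values."""
    ff, ie = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FF_RE.match(line)
        if m:
            ff[m['key']] = m['val'].strip().strip('"')
            continue
        m = IE_RE.match(line)
        if m:
            ie[m['key']] = m['val'].strip().strip('"')
    return ff, ie


def is_loopback(host):
    """True for localhost and any 127.0.0.0/8 or ::1 address."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_ie_server(value):
    """ProxyServer is either 'host:port' or 'http=host:port;https=host:port'."""
    endpoints = {}
    for entry in filter(None, value.split(';')):
        proto, sep, addr = entry.partition('=')
        if not sep:
            proto, addr = 'all', entry
        host, sep, port = addr.rpartition(':')
        if not sep:
            host, port = addr, ''
        endpoints[proto] = (host, int(port) if port.isdigit() else None)
    return endpoints


def summarize(endpoints, state):
    loopback = sorted(p for p, (host, _) in endpoints.items() if is_loopback(host))
    return {'endpoints': endpoints, 'state': state, 'loopback': loopback}


def triage(text):
    ff, ie = parse_proxy_lines(text)

    ff_endpoints = {}
    for proto in FF_PROTOCOLS:
        if ff.get(proto):
            port = ff.get(proto + '_port', '')
            ff_endpoints[proto] = (ff[proto], int(port) if port.isdigit() else None)
    # Assumption: network.proxy.type decides whether the manual settings are used.
    # If the log does not show it, the state cannot be determined from the log alone.
    ptype = ff.get('type')
    ff_state = 'unknown' if ptype is None else ('enabled' if ptype == '1' else 'not-manual')

    ie_state = {'1': 'enabled', '0': 'disabled'}.get(ie.get('ProxyEnable'), 'unknown')
    return {
        'firefox': summarize(ff_endpoints, ff_state),
        'ie': summarize(parse_ie_server(ie.get('ProxyServer', '')), ie_state),
    }


if __name__ == '__main__':
    for browser, result in triage(SAMPLE_LOG).items():
        print(browser, result['state'], 'loopback:', result['loopback'], result['endpoints'])
```

On the quoted lines this reports a loopback proxy configured for every protocol in both browsers, with Internet Explorer's disabled (`ProxyEnable` = 0) and Firefox's state undetermined because the excerpt has no `network.proxy.type` line.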

    Kerjifire

    Re: Google Redirect
    « Reply #22 on: March 01, 2010, 11:23:54 PM »
    OTL doesn't have a light green bar but OTS does.

    & with the proxy thing I used to have one called Invisible Browsing but deleted it already.

    Dr Jay

    Re: Google Redirect
    « Reply #23 on: March 02, 2010, 12:37:42 AM »
    Ok. Well do the fixes, please. Post the logs back here. Thanks.
    ~Dr Jay

    Kerjifire

    Re: Google Redirect
    « Reply #24 on: March 02, 2010, 01:07:47 AM »
    Error: Unable to interpret <========== FILES ==========> in the current context!
    Error: Unable to interpret <Unable to replace file: C:\WINDOWS\system32\drivers\atapi.sys with C:\WINDOWS\system32\dllcache\atapi.sys without a reboot.> in the current context!
    Error: Unable to interpret <Error: Unable to interpret <:Folders> in the current context!> in the current context!
    Error: Unable to interpret <Error: Unable to interpret <C:\Documents and Settings\S Chung\Application Data\Error Fix> in the current context!> in the current context!
    Error: Unable to interpret <========== OTL ==========> in the current context!
    Error: Unable to interpret <HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!> in the current context!
    Error: Unable to interpret <Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buttongenerator.com\ deleted successfully.> in the current context!
    Error: Unable to interpret <Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wtso.net\www\ deleted successfully.> in the current context!
    Error: Unable to interpret < > in the current context!
    Error: Unable to interpret <OTL by OldTimer - Version 3.1.30.3 log created on 03022010_185718> in the current context!
    Error: Unable to interpret <Files\Folders moved on Reboot...> in the current context!
    Error: Unable to interpret <Registry entries deleted on Reboot...> in the current context!
     
    OTL by OldTimer - Version 3.1.30.3 log created on 03022010_190603

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 19:16 on 02/03/2010 by S Chung (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "ssrcc*"
    No files found.

    Searching for "msrvc*"
    No files found.

    Searching for "*error fix*"
    No files found.

    ========== folderfind ==========

    Searching for "ssrcc*"
    No folders found.

    Searching for "msrvc*"
    No folders found.

    Searching for "*error fix*"
    C:\Documents and Settings\S Chung\Application Data\Error Fix   d-----   [05:56 25/01/2010]
    C:\Program Files\Error Fix   d-----   [05:56 25/01/2010]

    -=End Of File=-

    & I still got the redirect problem
    « Last Edit: March 02, 2010, 01:22:20 AM by Kerjifire »

    Kerjifire

    • Guest
    Re: Google Redirect
    « Reply #25 on: March 02, 2010, 03:54:57 AM »
    Oh & sorry about double post but you may delete that proxy stuff if it doesn't harm my system.

    Dr Jay

    Re: Google Redirect
    « Reply #26 on: March 02, 2010, 10:38:13 PM »
    ~Dr Jay

    Kerjifire

    • Guest
    Re: Google Redirect
    « Reply #27 on: March 02, 2010, 10:43:34 PM »
    Running from: C:\Documents and Settings\S Chung\Desktop\ \Downloadz\Win32kDiag.exe

    Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point       : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB867282\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB873333\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB885250\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB887742\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB888113\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890047\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890175\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB893066\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896422\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896424\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB899589\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB905915\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB911567\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912812\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912919\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB913446\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB916281\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917159\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917422\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB918899\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB920214\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921398\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921883\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922616\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922760\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB923694\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925454\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925486\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB928090\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929120\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929338\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB931768\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB969059\KB969059

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB971486\KB971486

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB973525\KB973525

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974112\KB974112

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974571\KB974571

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB975025\KB975025

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$hf_mig$\KB975467\KB975467

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\.file_store_32\.file_store_32

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\BBSTORE\DSS\DSS

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d1\d1

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d2\d2

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d3\d3

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d4\d4

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d5\d5

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d6\d6

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d7\d7

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\CSC\d8\d8

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Debug\WPD\WPD

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ftpcache\ftpcache

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Media\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Media\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\setup.pss\setup.pss

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\InstallTemp\58143\58143

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

    Mount point destination : \Device\__max++>\^

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217

    Mount point destination : \Device\__max++>\^



    Finished!


    Dr Jay

    Re: Google Redirect
    « Reply #28 on: March 02, 2010, 10:50:23 PM »
    You got a pretty bad rootkit there.  ::)

    We need to run the tool with the following command to fix some malware-related changes.

    Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.
    ~Dr Jay
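
One way to check a Win32kDiag.txt log after the `-f -r` run, as an added example that is not part of the original posts or of the tool: it pairs each "Found mount point" entry with its destination and its "Removing mount point" line, then lists entries that point at `\Device\__max++>` but have no removal line. It assumes the three line labels seen in the logs in this thread; the sample log, the `C:\WINDOWS\Example*` paths and the rule "no removal line means still present" are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Win32kDiag.txt logs quoted in this thread.
# The paths are placeholders, not taken from the poster's machine.
SAMPLE_LOG = r"""
Running from: C:\Users\example\desktop\win32kdiag.exe

Removing all found mount points.

Searching 'C:\WINDOWS'...

Found mount point       : C:\WINDOWS\ExampleA\update\update

Mount point destination : \Device\__max++>\^

Removing mount point    : C:\WINDOWS\ExampleA\update\update

Found mount point       : C:\WINDOWS\ExampleB\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point       : C:\WINDOWS\ExampleC\data

Mount point destination : \Device\HarddiskVolume2\Example

Removing mount point    : C:\WINDOWS\ExampleC\data

Finished!
"""

# Only these three labels carry per-entry data; every other line is ignored.
LINE_RE = re.compile(
    r"^\s*(Found mount point|Mount point destination|Removing mount point)"
    r"\s*:\s?(.*?)\s*$"
)


def leaf_repeated(path):
    """True when the last two path components are identical, as in every
    entry of the logs posted in this thread (for example ...\\update\\update)."""
    parts = path.rstrip("\\").split("\\")
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def parse_win32kdiag(text):
    """Return one dict per 'Found mount point' entry, in log order."""
    entries = []
    current = None
    for raw in text.splitlines():
        match = LINE_RE.match(raw)
        if not match:
            continue
        label, value = match.group(1), match.group(2)
        if label == "Found mount point":
            current = {
                "path": value,
                "destination": None,
                "removed": False,
                "leaf_repeated": leaf_repeated(value),
            }
            entries.append(current)
        elif current is None:
            continue  # destination/removal line with no preceding entry
        elif label == "Mount point destination":
            current["destination"] = value
        elif value == current["path"]:
            # "Removing mount point" that names the entry just found
            current["removed"] = True
    return entries


def summarize(entries, suspicious_prefix="\\Device\\__max++>"):
    """Count entries per destination and list suspicious ones left in place."""
    suspicious = [
        e for e in entries
        if (e["destination"] or "").startswith(suspicious_prefix)
    ]
    return {
        "found": len(entries),
        "removed": sum(1 for e in entries if e["removed"]),
        "by_destination": dict(Counter(e["destination"] for e in entries)),
        "suspicious": len(suspicious),
        # Assumption: an entry with no matching removal line is still present.
        "remaining": [e["path"] for e in suspicious if not e["removed"]],
    }


if __name__ == "__main__":
    report = summarize(parse_win32kdiag(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```

To check a real log, pass the contents of Win32kDiag.txt to `parse_win32kdiag` in place of `SAMPLE_LOG`; an empty `remaining` list means every entry pointing at the rootkit device had a removal line.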

    Kerjifire

    Re: Google Redirect
    « Reply #29 on: March 02, 2010, 11:23:30 PM »
    2 parts

    Running from: C:\Documents and Settings\S Chung\desktop\win32kdiag.exe

    Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt

    Removing all found mount points.

    Attempting to reset file permissions.

    WARNING: Could not get backup privileges!

    Searching 'C:\WINDOWS'...



    Found mount point       : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB867282\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB867282\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB873333\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB873333\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB873333\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB885250\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB885250\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB885250\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB887742\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB887742\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB887742\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB888113\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB888113\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB888113\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB890047\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890047\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB890047\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB890175\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB890175\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB890175\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB893066\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB893066\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB896422\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896422\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB896422\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB896424\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB896424\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB899589\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB899589\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB899589\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB905915\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB905915\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB911567\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB911567\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB911567\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912812\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB912812\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB912919\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB912919\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB913446\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB913446\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB916281\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB916281\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB917159\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917159\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB917159\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB917422\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB917422\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB918899\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB918899\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB920214\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB920214\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB920214\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB921398\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921398\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB921398\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB921883\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB921883\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB921883\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB922616\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922616\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB922616\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB922760\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB922760\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB923694\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB923694\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB923694\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925454\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB925454\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB925486\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB925486\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB925486\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB928090\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB928090\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB929120\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929120\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB929120\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB929338\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB929338\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\SP2QFE

    Found mount point       : C:\WINDOWS\$hf_mig$\KB931768\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB931768\update\update

    Found mount point       : C:\WINDOWS\$hf_mig$\KB969059\KB969059

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB969059\KB969059

    Found mount point       : C:\WINDOWS\$hf_mig$\KB971486\KB971486

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB971486\KB971486

    Found mount point       : C:\WINDOWS\$hf_mig$\KB973525\KB973525

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB973525\KB973525

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974112\KB974112

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB974112\KB974112

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB974455-IE8\KB974455-IE8

    Found mount point       : C:\WINDOWS\$hf_mig$\KB974571\KB974571

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB974571\KB974571

    Found mount point       : C:\WINDOWS\$hf_mig$\KB975025\KB975025

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB975025\KB975025

    Found mount point       : C:\WINDOWS\$hf_mig$\KB975467\KB975467

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$hf_mig$\KB975467\KB975467

    Found mount point       : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst

    Found mount point       : C:\WINDOWS\.file_store_32\.file_store_32

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\.file_store_32\.file_store_32

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae\1.0.5000.0__b03f5f7f11d50a3a_7cf661ae

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5b699752\1.0.5000.0__b77a5c561934e089_5b699752

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_720f98b4\1.0.5000.0__b77a5c561934e089_720f98b4

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a93ef261\1.0.5000.0__b03f5f7f11d50a3a_a93ef261

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e\1.0.5000.0__b03f5f7f11d50a3a_f8eace1e

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_68a48036\1.0.5000.0__b03f5f7f11d50a3a_68a48036

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_e4e0a1d0\1.0.5000.0__b77a5c561934e089_e4e0a1d0

    Found mount point       : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_72b8f754\1.0.5000.0__b77a5c561934e089_72b8f754

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP106.tmp\ZAP106.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP12D.tmp\ZAP12D.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP14C.tmp\ZAP14C.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP158.tmp\ZAP158.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP189.tmp\ZAP189.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22.tmp\ZAP22.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP33.tmp\ZAP33.tmp

    Found mount point       : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP39.tmp\ZAP39.tmp

    Found mount point       : C:\WINDOWS\assembly\tmp\tmp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\assembly\tmp\tmp

    Found mount point       : C:\WINDOWS\BBSTORE\DSS\DSS

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\BBSTORE\DSS\DSS

    Found mount point       : C:\WINDOWS\Config\Config

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Config\Config

    Found mount point       : C:\WINDOWS\Connection Wizard\Connection Wizard

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Connection Wizard\Connection Wizard

    Found mount point       : C:\WINDOWS\CSC\d1\d1

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d1\d1

    Found mount point       : C:\WINDOWS\CSC\d2\d2

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d2\d2

    Found mount point       : C:\WINDOWS\CSC\d3\d3

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d3\d3

    Found mount point       : C:\WINDOWS\CSC\d4\d4

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d4\d4

Kerjifire

  • Guest
Re: Google Redirect
« Reply #30 on: March 02, 2010, 11:24:06 PM »

    Found mount point       : C:\WINDOWS\CSC\d5\d5

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d5\d5

    Found mount point       : C:\WINDOWS\CSC\d6\d6

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d6\d6

    Found mount point       : C:\WINDOWS\CSC\d7\d7

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d7\d7

    Found mount point       : C:\WINDOWS\CSC\d8\d8

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\CSC\d8\d8

    Found mount point       : C:\WINDOWS\Debug\WPD\WPD

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Debug\WPD\WPD

    Found mount point       : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Downloaded Installations\{628E8630-7947-49EA-BE90-7F8BFF77A79C}\{628E8630-7947-49EA-BE90-7F8BFF77A79C}

    Found mount point       : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Downloaded Installations\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}\{6A553D7E-037E-43C7-ABFF-A270BBB1458F}

    Found mount point       : C:\WINDOWS\ftpcache\ftpcache

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ftpcache\ftpcache

    Found mount point       : C:\WINDOWS\ime\chsime\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\chsime\applets\applets

    Found mount point       : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\CHTIME\Applets\Applets

    Found mount point       : C:\WINDOWS\ime\imejp\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\imejp\applets\applets

    Found mount point       : C:\WINDOWS\ime\imejp98\imejp98

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\imejp98\imejp98

    Found mount point       : C:\WINDOWS\ime\imjp8_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\imjp8_1\applets\applets

    Found mount point       : C:\WINDOWS\ime\imkr6_1\applets\applets

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\imkr6_1\applets\applets

    Found mount point       : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\imkr6_1\dicts\dicts

    Found mount point       : C:\WINDOWS\ime\shared\res\res

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\ime\shared\res\res

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

    Found mount point       : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

    Found mount point       : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{00180409-78E1-11D2-B60F-006097C998E7}\{00180409-78E1-11D2-B60F-006097C998E7}

    Found mount point       : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

    Found mount point       : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{08CA9554-B5FE-4313-938F-D4A417B81175}\{08CA9554-B5FE-4313-938F-D4A417B81175}

    Found mount point       : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

    Found mount point       : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}\{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}

    Found mount point       : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\{3248F0A8-6813-11D6-A77B-00B0D0150060}

    Found mount point       : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

    Found mount point       : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{3CB41017-F5CA-4C56-934C-ED02156251E6}\{3CB41017-F5CA-4C56-934C-ED02156251E6}

    Found mount point       : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

    Found mount point       : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}

    Found mount point       : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{83437081-8186-4F63-BD39-4BE8A691E055}\{83437081-8186-4F63-BD39-4BE8A691E055}

    Found mount point       : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{9176251A-4CC1-4DDB-B343-B487195EB397}\{9176251A-4CC1-4DDB-B343-B487195EB397}

    Found mount point       : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}\{9D9A73EA-B2D5-42CF-BB54-5CC4D9F08134}

    Found mount point       : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{9DE006A5-B384-4EDE-A760-0F217136B9EA}\{9DE006A5-B384-4EDE-A760-0F217136B9EA}

    Found mount point       : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}\{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

    Found mount point       : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

    Found mount point       : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70700000002}\{AC76BA86-7AD7-1033-7B44-A70700000002}

    Found mount point       : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}

    Found mount point       : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

    Found mount point       : C:\WINDOWS\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\java\classes\classes

    Found mount point       : C:\WINDOWS\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\java\trustlib\trustlib

    Found mount point       : C:\WINDOWS\Media\java\classes\classes

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Media\java\classes\classes

    Found mount point       : C:\WINDOWS\Media\java\trustlib\trustlib

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Media\java\trustlib\trustlib

    Found mount point       : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

    Found mount point       : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

    Found mount point       : C:\WINDOWS\msapps\msinfo\msinfo

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\msapps\msinfo\msinfo

    Found mount point       : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\ErrorRep\UserDumps\UserDumps

    Found mount point       : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

    Found mount point       : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\Config\News\News

    Found mount point       : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

    Found mount point       : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

    Found mount point       : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

    Found mount point       : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

    Found mount point       : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\pchealth\helpctr\Temp\Temp

    Found mount point       : C:\WINDOWS\PIF\PIF

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\PIF\PIF

    Found mount point       : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\Provisioning\Schemas\Schemas

    Found mount point       : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\{077ACEC7-979C-40AB-9835-435BA1511E0D}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\{30C7234B-6482-4A55-A11D-ECD9030313F2}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\{60204BB3-7078-4F70-8F69-68297621941C}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\{981FB688-E76B-4246-987B-92083185B90A}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\{A47B3654-48EE-48A5-B629-97D70175E58F}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\{DD90D410-1823-43EB-9A16-A2331BF08799}

    Found mount point       : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\System

    Found mount point       : C:\WINDOWS\Registration\CRMLog\CRMLog

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Registration\CRMLog\CRMLog

    Found mount point       : C:\WINDOWS\setup.pss\setup.pss

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\setup.pss\setup.pss

    Found mount point       : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\0af5890fd4bd4b5e665ff4f51f8aab77\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\10\msft\windows\gdiplus\gdiplus

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\dxmrtp\dxmrtp

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcdll\rtcdll

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\52\msft\windows\net\rtcres\rtcres

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\vcrtl\vcrtl

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\60\msft\windows\common\controls\controls

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\asms\70\msft\windows\mswincrt\mswincrt

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\ip\ip

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\backup\lang\lang

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\download\download

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\3cc7b0afacb1662aadcdf242becc1a47\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\58bffe479c581eda56fcf7412cce5cc0\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\73c38420ed6fcb4d7aee2a7564af0e8f\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\7e9c3219e54b43a6d50fc3202fbc3a2b\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\7f3ae1c8d5ca0198c5822b2c4364147d\7f3ae1c8d5ca0198c5822b2c4364147d

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\90ab7a7d58cf9102adba0adb5ddf1362\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\925d6ee61b7b50b981d47dfff68dc8a7\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\991affb71ad97addf21cf4d2cf2c0f71\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\a8a198f29fa1e0036a0893ee4e32b46a\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\sp2qfe\sp2qfe

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\bc2e08df13ade612507748ca3eefdc83\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\cf7ced0e70c80a1e476f1abf49afecb1

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\backup\backup

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\sp2gdr\sp2gdr

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\f9afad35863057b4d78a8a2fae680dce\update\update

    Found mount point       : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\51ca4a3fc75deb57bb45c683cb369013\51ca4a3fc75deb57bb45c683cb369013

    Found mount point       : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\Default

    Found mount point       : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered

    Found mount point       : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\Sun\Java\Deployment\Deployment

    Found mount point       : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

    Found mount point       : C:\WINDOWS\WinSxS\InstallTemp\58143\58143

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\InstallTemp\58143\58143

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

    Found mount point       : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217

    Mount point destination : \Device\__max++>\^

    Removing mount point    : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217



    Finished!


    Dr Jay

    Re: Google Redirect
    « Reply #31 on: March 03, 2010, 07:36:15 AM »
    Good job.  ;D

    • Please download maxlook and save the file to your desktop.
      • Double click maxlook.exe to run it. Note - you must run it only once!
      • As instructed when the tool runs, restart the computer and logon to the Recovery Console.
    • Start the Recovery Console directly from the Windows XP CD by doing the following:
      • Insert the Windows XP CD in your computer.
      • Restart your computer so you are booting off of the CD.
      • When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
      • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
      • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.
      • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
    • Type the following bolded command at the C:\windows> prompt and press Enter:
        batch look.bat
      • You will see "1 file(s) copied" many times then return to the c:\windows> prompt.
      • Type Exit and press Enter to restart your computer then logon in normal mode.
      • Please run maxlook.exe again now. Note - you must run it only once!
        • It will produce looklog.txt on the desktop.
        • Please post the results here.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #32 on: March 04, 2010, 12:22:53 AM »
      I have 2 XP CD Packs, i don't know which one i used to install windows. does it matter?

      Dr Jay

      Re: Google Redirect
      « Reply #33 on: March 04, 2010, 12:05:24 PM »
      Place each of them in the drive and boot from it. If you are allowed to press R for repair, then that is the one.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #34 on: March 05, 2010, 05:18:25 PM »
      Can u help me with something b4 i do that, i got the BSOD again and ran Who Crashed

      Analysis
      --------------------------------------------------------------------------------

      Crash dump directory: C:\WINDOWS\Minidump

      Crash dumps are enabled on your computer.


      On Fri 5/03/2010 11:55:06 PM your computer crashed
      This was likely caused by the following module: ntoskrnl.exe
      Bugcheck code: 0x50 (0xE146ACF8, 0x1, 0x804DAAB5, 0x1)
      Error: PAGE_FAULT_IN_NONPAGED_AREA
      Dump file: C:\WINDOWS\Minidump\Mini030610-01.dmp
      file path: C:\WINDOWS\system32\ntoskrnl.exe
      product: Microsoft® Windows® Operating System
      company: Microsoft Corporation
      description: NT Kernel & System
      The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.




      --------------------------------------------------------------------------------
      Conclusion
      --------------------------------------------------------------------------------

      1 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

      Dr Jay

      Re: Google Redirect
      « Reply #35 on: March 05, 2010, 08:32:46 PM »
      The infection spawned that blue screen. If you do not get that Recovery Console ready to do the infection removal soon, the computer will become unbootable.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #36 on: March 05, 2010, 09:51:19 PM »
      Run from C:\Documents and Settings\S Chung\Desktop\maxlook.exe on Sat 06/03/2010 at 15:50:50.04

      No infected file found


      Dr Jay

      Re: Google Redirect
      « Reply #37 on: March 06, 2010, 01:29:51 AM »
      Please re-run Win32kDiag and post a log.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #38 on: March 06, 2010, 03:15:22 AM »
      Running from: C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe

      Log file at : C:\Documents and Settings\S Chung\Desktop\Win32kDiag.txt

      WARNING: Could not get backup privileges!

      Searching 'C:\WINDOWS'...





      Finished!

      Oh & HELP ME!, my Antivirus, Reg Mechanic, anti-spyware & Combat Arms can't access the internet/update.


      Dr Jay

      Re: Google Redirect
      « Reply #39 on: March 06, 2010, 08:05:52 AM »
      Re-run ComboFix and post a log, please.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #40 on: March 07, 2010, 03:41:03 AM »
      After running combofix, the PC reset and this came up.

      7/03/2010 9:31:46 PM   C:\WINDOWS\system32\drivers\atapi.sys [L] Win32:Alureon-FQ (0)
      File was successfully moved to chest...

      From Avast.

      & my Combofix folder went spaz. Look at picture

      [Saving space, attachment deleted by admin]

      Kerjifire

      Re: Google Redirect
      « Reply #41 on: March 07, 2010, 03:46:50 PM »
      *censored* DUDE!
      I can't boot up my PC, it keeps on resetting itself when it reaches the choose the OS system part. I CAN ONLY BOOT OFF MY WINDOWS CD & AM TALKING TO U VIA ANOTHER PC
      « Last Edit: March 07, 2010, 04:21:18 PM by Kerjifire »

      Dr Jay

      Re: Google Redirect
      « Reply #42 on: March 08, 2010, 02:04:43 PM »
      Silly avast.

      First
      ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

      Second
      • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
      • When downloaded double click and this will then open ISOBurner to burn the file to CD
      • Reboot your system using the boot CD you just created.
      Note : If you do not know how to set your computer to boot from CD follow the steps here
      • Your system should now display a REATOGO-X-PE desktop.
      • Double-click on the OTLPE icon.
      • When asked "Do you wish to load the remote registry", select Yes
      • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
      • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
      • OTL should now start. Change the following settings
      • Change Drivers to Non-Microsoft
      • Press Run Scan to start the scan.
      • When finished, the file will be saved  in drive C:\_OTL\MovedFiles
      • Copy this file to your USB drive if you do not have internet connection on this system
      • Please post the contents of the OTL.txt file in your reply.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #43 on: March 09, 2010, 05:36:11 AM »
      OTL logfile created on: 3/9/2010 7:57:49 PM - Run
      OTLPE by OldTimer - Version 3.1.35.0     Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
       
      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 64.74 Gb Total Space | 15.68 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
      Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
      Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
      Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
      Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
      Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
      Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
      Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.
       
      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: Off
      Skip Microsoft Files: Off
      File Age = 30 Days
      Output = Standard
      Using ControlSet: ControlSet001
       
      ========== Win32 Services (SafeList) ==========
       
      SRV - File not found [Auto] --  -- (ssrcc)
      SRV - File not found [Auto] --  -- (msrvc)
      SRV - File not found [Auto] --  -- (DNTVSchedulerPro)
      SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
      SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
      SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
      SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
      SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
      SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
       
       
      ========== Driver Services (SafeList) ==========
       
      DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
      DRV - File not found [Kernel | On_Demand] --  -- (Trufos)
      DRV - File not found [Kernel | Boot] --  -- (TfSysMon)
      DRV - File not found [Kernel | On_Demand] --  -- (TfNetMon)
      DRV - File not found [Kernel | Boot] --  -- (TfFsMon)
      DRV - File not found [Kernel | System] --  -- (SuperMounter)
      DRV - File not found [Kernel | On_Demand] --  -- (rootrepeal)
      DRV - File not found [Kernel | On_Demand] --  -- (Profos)
      DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
      DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
      DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
      DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
      DRV - File not found [Kernel | System] --  -- (PCIDump)
      DRV - File not found [Kernel | On_Demand] --  -- (MEMSWEEP2)
      DRV - File not found [Kernel | System] --  -- (lbrtfdc)
      DRV - File not found [File_System | Boot] --  -- (Lbd)
      DRV - File not found [Kernel | System] --  -- (i2omgmt)
      DRV - File not found [Kernel | On_Demand] --  -- (gagp440p)
      DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
      DRV - File not found [Kernel | System] --  -- (Changer)
      DRV - File not found [Kernel | On_Demand] --  -- (catchme)
      DRV - File not found [Kernel | On_Demand] --  -- (BDRsDrv)
      DRV - File not found [Kernel | On_Demand] --  -- (BDFsDrv)
      DRV - File not found [Kernel | On_Demand] --  -- (bdfdll)
      DRV - [2010/02/16 04:48:18 | 000,017,984 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
      DRV - [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
      DRV - [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
      DRV - [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
      DRV - [2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
      DRV - [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
      DRV - [2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
      DRV - [2010/02/02 23:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
      DRV - [2010/01/07 00:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
      DRV - [2009/11/22 16:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
      DRV - [2009/11/22 16:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
      DRV - [2009/11/22 16:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
      DRV - [2009/11/08 19:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
      DRV - [2009/09/27 20:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
      DRV - [2009/07/28 05:49:05 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
      DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
      DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
      DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
      DRV - [2009/02/15 09:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
      DRV - [2008/12/18 08:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
      DRV - [2008/11/16 11:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
      DRV - [2008/10/28 04:57:42 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
      DRV - [2008/09/23 18:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
      DRV - [2008/06/24 00:10:52 | 000,449,664 | R--- | M] (AfaTech                  ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
      DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
      DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
      DRV - [2008/01/23 23:09:34 | 000,048,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
      DRV - [2008/01/23 23:09:24 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
      DRV - [2008/01/23 23:09:04 | 000,028,168 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
      DRV - [2008/01/23 23:08:54 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
      DRV - [2008/01/23 16:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
      DRV - [2007/01/23 00:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
      DRV - [2004/12/09 10:25:49 | 000,047,104 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
      DRV - [2004/12/03 05:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
      DRV - [2004/10/28 05:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
      DRV - [2004/08/09 06:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
      DRV - [2004/08/09 06:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
      DRV - [2004/08/03 07:39:32 | 000,020,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LwAdiHid.sys -- (lwadihid) Logitech WingMan Digital Devices(Auto-Detect)
      DRV - [2004/07/19 09:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
      DRV - [2004/05/06 22:12:23 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
      DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
      DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
       
      IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
      IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
       
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
       
      [2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
       
      O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
      O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
      O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
      O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
      O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
      O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
      O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
      O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
       
      ========== Files/Folders - Created Within 30 Days ==========
       
      [2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
      [2010/03/06 23:37:54 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
      [2010/03/06 23:37:54 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
      [2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
      [2010/03/06 23:37:54 | 000,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
      [2010/03/06 23:37:53 | 014,188,544 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
      [2010/03/06 23:37:53 | 003,633,152 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
      [2010/03/06 23:37:53 | 000,565,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
      [2010/03/06 23:37:53 | 000,397,312 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
      [2010/03/06 23:37:53 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
      [2010/03/06 23:37:53 | 000,301,568 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
      [2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
      [2010/03/06 23:37:53 | 000,180,224 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
      [2010/03/06 23:37:53 | 000,159,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
      [2010/03/06 23:37:53 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
      [2010/03/06 23:37:53 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atibtmon.exe
      [2010/03/06 23:37:53 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
      [2010/03/06 23:37:53 | 000,065,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
      [2010/03/06 23:37:53 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
      [2010/03/06 23:37:53 | 000,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
      [2010/03/06 23:37:53 | 000,045,056 | ---- | C] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
      [2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
      [2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
      [2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
      [2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
      [2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
      [2010/03/06 23:18:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
      [2010/03/06 23:18:25 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
      [2010/03/06 23:18:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
      [2010/03/06 23:18:25 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
      [2010/03/06 23:18:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
      [2010/03/06 23:18:25 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
      [2010/03/06 23:18:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
      [2010/03/06 23:18:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
      [2010/03/06 23:18:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
      [2010/03/06 23:18:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
      [2010/03/06 23:18:23 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
      [2010/03/06 23:18:23 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
      [2010/03/06 23:18:23 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
      [2010/03/06 23:18:23 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
      [2010/03/06 23:18:23 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
      [2010/03/06 23:18:23 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
      [2010/03/06 23:18:22 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
      [2010/03/06 23:18:22 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
      [2010/03/06 23:18:22 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
      [2010/03/06 23:18:22 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
      [2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
      [2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
      [2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
      [2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
      [2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
      [2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      [2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
      [2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
      [2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
      [2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
      [2010/02/25 03:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
      [2010/02/25 03:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
      [2010/02/25 02:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
      [2010/02/25 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
      [2010/02/23 06:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
      [2010/02/23 06:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
      [2010/02/23 00:53:05 | 000,000,000 | ---D | C] -- C:\Program Files\MegaLeecher
      [2010/02/22 02:22:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
      [2010/02/19 02:58:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
      [2010/02/19 02:58:36 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2010/02/19 02:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2010/02/17 06:23:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
      [2010/02/16 05:18:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\S Chung\Recent
      [2010/02/16 03:51:11 | 000,126,976 | ---- | C] (Adavanced Systems ) -- C:\WINDOWS\System32\tton.ocx
      [2010/02/16 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Mid Recorder
      [2010/02/13 00:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\dvdcss
      [2010/02/12 06:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\vlc
      [2010/02/11 06:24:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\S Chung\My Documents\My Music
      [2010/02/11 01:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
      [2010/02/10 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\AVS4YOU
      [2010/02/10 06:09:27 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
      [2010/02/10 05:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\Adobe Programs
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #44 on: March 09, 2010, 05:36:45 AM »

      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files - Modified Within 30 Days ==========
       
      [2010/03/09 19:54:17 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
      [2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
      [2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
      [2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
      [2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
      [2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
      [2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
      [2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
      [2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
      [2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
      [2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
      [2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
      [2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
      [2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
      [2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
      [2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [2010/02/25 05:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
      [2010/02/25 02:59:28 | 000,009,654 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
      [2010/02/25 02:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
      [2010/02/25 02:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
      [2010/02/24 05:44:38 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
      [2010/02/24 05:25:19 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
      [2010/02/24 05:20:59 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
      [2010/02/22 19:11:28 | 000,085,797 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
      [2010/02/22 04:02:53 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
      [2010/02/21 04:37:49 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
      [2010/02/19 02:58:44 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
      [2010/02/18 02:58:58 | 000,093,174 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100218_185746.reg
      [2010/02/16 05:19:15 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
      [2010/02/16 05:17:51 | 000,009,036 | -HS- | M] () -- C:\WINDOWS\System32\sys_drv.dat
      [2010/02/16 05:17:51 | 000,006,024 | -HS- | M] () -- C:\WINDOWS\System32\sys_drv_2.dat
      [2010/02/16 05:17:36 | 000,000,990 | -HS- | M] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
      [2010/02/16 04:48:20 | 000,180,224 | ---- | M] () -- C:\WINDOWS\System32\WinVd32.sys
      [2010/02/16 04:48:18 | 000,017,984 | ---- | M] () -- C:\WINDOWS\System32\WinFLdrv.sys
      [2010/02/16 04:48:18 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\WinFLsrv.exe
      [2010/02/16 02:50:28 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
      [2010/02/16 01:44:19 | 000,000,067 | ---- | M] () -- C:\WINDOWS\AudioMidRecorder.INI
      [2010/02/13 19:36:30 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\M Chung\ntuser.dat.rmbak
      [2010/02/13 00:25:01 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Women drivers are safer than men drivers.doc
      [2010/02/12 05:54:34 | 000,000,482 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Fraps.lnk
      [2010/02/12 00:54:27 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
      [2010/02/12 00:43:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
      [2010/02/11 13:53:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
      [2010/02/11 13:53:36 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
      [2010/02/11 13:42:34 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
      [2010/02/11 13:42:13 | 000,162,512 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
      [2010/02/11 13:39:01 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
      [2010/02/11 13:38:34 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
      [2010/02/11 13:38:31 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
      [2010/02/11 13:38:23 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
      [2010/02/11 13:38:07 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
      [2010/02/11 01:58:49 | 000,004,690 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100211_175828.reg
      [2010/02/10 05:22:10 | 000,007,292 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100210_212206.reg
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
      [2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
      [2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
      [2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
      [2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
      [2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
      [2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
      [2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
      [2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
      [2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
      [2010/02/25 04:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
      [2010/02/25 02:59:11 | 000,009,654 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
      [2010/02/25 02:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
      [2010/02/25 02:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
      [2010/02/24 05:44:37 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\avenger.zip
      [2010/02/24 05:20:59 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$stralia should have an R rating for games.doc
      [2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2010/02/22 05:46:38 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
      [2010/02/22 04:01:06 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Shortcut to HprSnap6.lnk
      [2010/02/22 03:28:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Australia should have an R rating for games.doc
      [2010/02/21 03:08:33 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Maths Questions.doc
      [2010/02/19 02:58:44 | 000,000,500 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for S Chung.job
      [2010/02/18 02:57:48 | 000,093,174 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100218_185746.reg
      [2010/02/16 04:48:23 | 000,009,036 | -HS- | C] () -- C:\WINDOWS\System32\sys_drv.dat
      [2010/02/16 04:48:23 | 000,006,024 | -HS- | C] () -- C:\WINDOWS\System32\sys_drv_2.dat
      [2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
      [2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
      [2010/02/16 04:48:18 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\WinFLsrv.exe
      [2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
      [2010/02/16 04:48:05 | 000,033,982 | ---- | C] () -- C:\WINDOWS\System32\flk-icon.ico
      [2010/02/16 02:50:28 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$e Most Dangerous Game Review.doc
      [2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
      [2010/02/15 05:41:01 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\The Most Dangerous Game Review.doc
      [2010/02/13 00:25:00 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Women drivers are safer than men drivers.doc
      [2010/02/11 01:58:30 | 000,004,690 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100211_175828.reg
      [2010/02/10 05:22:07 | 000,007,292 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100210_212206.reg
      [2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
      [2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
      [2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
      [2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
      [2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
      [2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
      [2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
      [2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
      [2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
      [2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
      [2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
      [2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
      [2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
      [2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
      [2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
      [2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
      [2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
      [2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
      [2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
      [2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
      [2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
      [2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
      [2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
      [2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
      [2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
      [2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
      [2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
      [2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
      [2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
      [2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
      [2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
      [2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
      [2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
      [2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
      [2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
      [2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
      [2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
      [2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
      [2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
       
      ========== LOP Check ==========
       
      [2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
      [2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
      [2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
      [2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
      [2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
      [2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
      [2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
      [2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
      [2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
      [2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
      [2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
      [2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
      [2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
      [2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
      [2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
      [2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
      [2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
      [2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
      [2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
      [2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
      [2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
      [2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
      [2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
       
      ========== Purity Check ==========
       
       
      < End of report >

      Dr Jay

      Re: Google Redirect
      « Reply #45 on: March 09, 2010, 11:21:08 AM »
      Open OTLPE

      In the Custom Scans box, place in the following then press Quick Scan:

      /md5start
      atapi.sys
      iastor.sys
      explorer.exe
      lsass.exe
      /md5stop


      Post the log in your next reply.
      ~Dr Jay
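The custom scan above asks OTLPE for MD5 hashes of the listed system files. The same check, as an added example (not OTL's code and not part of the original post): hash every copy of each named file found under a mounted Windows volume and report where the copies disagree. The directory layout and file contents in `build_demo_tree` are constructed for the demonstration, and the `known_good` reference set is a hypothetical input you would fill from a trusted source.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom scan in the post above.
TARGETS = ("atapi.sys", "iastor.sys", "explorer.exe", "lsass.exe")


def md5_of(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_copies(root, names=TARGETS):
    """Map each target name to {md5: [paths]} for every copy found under root."""
    report = {name.lower(): defaultdict(list) for name in names}
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            key = filename.lower()  # Windows file names are case-insensitive
            if key not in report:
                continue
            path = os.path.join(folder, filename)
            try:
                report[key][md5_of(path)].append(path)
            except OSError:
                # A copy that cannot be read is worth recording, not skipping.
                report[key]["<unreadable>"].append(path)
    return report


def triage(report, known_good=None):
    """Classify each name as missing, consistent, mismatch, known-good or unknown-hash.

    known_good (hypothetical input): {name: set of trusted MD5 strings}.
    Without a reference, copies can only be compared with each other.
    """
    known_good = known_good or {}
    verdicts = {}
    for name, by_hash in report.items():
        if not by_hash:
            verdicts[name] = "missing"
        elif name in known_good:
            trusted = set(by_hash) <= known_good[name]
            verdicts[name] = "known-good" if trusted else "unknown-hash"
        elif len(by_hash) > 1:
            verdicts[name] = "mismatch"
        else:
            verdicts[name] = "consistent"
    return verdicts


def build_demo_tree(root):
    """Create a constructed XP-style layout: the live atapi.sys differs from its backups."""
    clean = b"clean driver bytes (constructed)"
    samples = {
        "WINDOWS/system32/drivers/atapi.sys": b"patched driver bytes (constructed)",
        "WINDOWS/system32/dllcache/atapi.sys": clean,
        "WINDOWS/ServicePackFiles/i386/ATAPI.SYS": clean,
        "WINDOWS/explorer.exe": b"explorer bytes (constructed)",
        "WINDOWS/system32/dllcache/explorer.exe": b"explorer bytes (constructed)",
        "WINDOWS/system32/lsass.exe": b"lsass bytes (constructed)",
    }
    for relative, content in samples.items():
        path = os.path.join(root, *relative.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_demo_tree(demo_root)
        found = hash_copies(demo_root)
        for name, verdict in triage(found).items():
            print(f"{name}: {verdict}")
            for md5, paths in found[name].items():
                for path in paths:
                    print(f"    {md5}  {os.path.relpath(path, demo_root)}")
```

A mismatch between copies is a lead, not a verdict: backup copies from different service packs legitimately differ, so confirm against hashes from a trusted source. Hash from an offline environment such as the PE disc used here, because a rootkit active in the running system can return clean contents for an infected driver.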

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #46 on: March 10, 2010, 02:27:45 AM »
      OTL logfile created on: 3/10/2010 6:12:51 PM - Run
      OTLPE by OldTimer - Version 3.1.35.0     Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
       
      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
      Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
      Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
      Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
      Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
      Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
      Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
      Drive J: | 3.75 Gb Total Space | 1.64 Gb Free Space | 43.63% Space Free | Partition Type: FAT32
      Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.
       
      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 14 Days
      Output = Standard
      Quick Scan
      Using ControlSet: ControlSet001
       
      ========== Win32 Services (SafeList) ==========
       
      SRV - File not found [Auto] --  -- (ssrcc)
      SRV - File not found [Auto] --  -- (msrvc)
      SRV - File not found [Auto] --  -- (DNTVSchedulerPro)
      SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
      SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
      SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
      SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
      SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
      SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
       
      IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
      IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
       
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
       
      [2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
       
      O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
      O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
      O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
      O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
      O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
      O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
      O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
      O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
       
      ========== Files/Folders - Created Within 14 Days ==========
       
      [2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
      [2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
      [2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
      [2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
      [2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
      [2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
      [2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
      [2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
      [2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
      [2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
      [2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
      [2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
      [2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
      [2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
      [2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      [2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
      [2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
      [2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
      [2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
      [2010/02/25 03:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\Ratings
      [2010/02/25 03:15:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
      [2010/02/25 02:28:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
      [2010/02/25 01:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Desktop\avenger
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files - Modified Within 14 Days ==========
       
      [2010/03/09 20:21:14 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
      [2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
      [2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
      [2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
      [2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
      [2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
      [2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
      [2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
      [2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
      [2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
      [2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
      [2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
      [2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
      [2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
      [2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
      [2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [2010/02/25 05:23:35 | 001,190,400 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
      [2010/02/25 02:59:28 | 000,009,654 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
      [2010/02/25 02:45:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
      [2010/02/25 02:28:12 | 000,000,330 | RHS- | M] () -- C:\boot.ini
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
      [2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
      [2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
      [2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
      [2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
      [2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
      [2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
      [2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
      [2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
      [2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
      [2010/02/25 04:05:09 | 001,190,400 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\Should Australia Have An R Rating For Games.ppt
      [2010/02/25 02:59:11 | 000,009,654 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100225_185909.reg
      [2010/02/25 02:28:11 | 000,000,260 | ---- | C] () -- C:\Boot.bak
      [2010/02/25 02:28:08 | 000,260,272 | ---- | C] () -- C:\cmldr
      [2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
      [2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
      [2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
      [2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
      [2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
      [2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
      [2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
      [2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
      [2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
      [2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
      [2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
      [2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
      [2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
      [2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
      [2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
      [2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
      [2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
      [2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
      [2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
      [2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
      [2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
      [2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
      [2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
      [2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
      [2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
      [2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
      [2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
      [2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
      [2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
      [2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
      [2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
      [2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
      [2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
      [2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
      [2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
      [2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
      [2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
      [2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
      [2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
      [2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
      [2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
      [2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
      [2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
       
      ========== LOP Check ==========
       
      [2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
      [2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
      [2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
      [2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
      [2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
      [2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
      [2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
      [2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
      [2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
      [2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
      [2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
      [2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
      [2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
      [2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
      [2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
      [2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
      [2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
      [2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
      [2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
      [2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
      [2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
      [2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
      [2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
       
       
      < MD5 for: ATAPI.SYS  >
      [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=2A7506584BB54EB87CA6F1BCF1DBBE15 -- C:\WINDOWS\maxdriver\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ComboFix\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
      [2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
       
      < MD5 for: EXPLORER.EXE  >
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
      [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
      [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
       
      < MD5 for: LSASS.EXE  >
      [2004/08/04 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
      [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ERDNT\cache\lsass.exe
      [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
      [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\lsass.exe
      [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe
      < End of report >

      Kerjifire

      Re: Google Redirect
      « Reply #47 on: March 10, 2010, 02:28:54 AM »
      Can you get my XP working soon? I sorta need to do my school work  ;D

      Dr Jay

      Re: Google Redirect
      « Reply #48 on: March 10, 2010, 08:06:19 AM »
      Open OTLPE

      In the Custom Scans box, place the following, then press Quick Scan:

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      c:\$recycle.bin\*.* /s
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      nvstor32.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      explorer.exe
      svchost.exe
      userinit.exe
      qmgr.dll
      ws2_32.dll
      proquota.exe
      imm32.dll
      kernel32.dll
      ndis.sys
      autochk.exe
      spoolsv.exe
      xmlprov.dll
      ntmssvc.dll
      mswsock.dll
      Beep.SYS
      ntfs.sys
      termsrv.dll
      sfcfiles.dll
      st3shark.sys
      ahcix86.sys
      srsvc.dll
      nvrd32.sys
      /md5stop
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles


      Post the log in your next reply.
      ~Dr Jay

      Kerjifire

      Re: Google Redirect
      « Reply #49 on: March 10, 2010, 11:30:42 PM »
      OTL logfile created on: 3/11/2010 5:03:03 PM - Run
      OTLPE by OldTimer - Version 3.1.35.0     Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
       
      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
      Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
      Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
      Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
      Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
      Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
      Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
      Drive J: | 3.75 Gb Total Space | 1.63 Gb Free Space | 43.45% Space Free | Partition Type: FAT32
      Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.
       
      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 14 Days
      Output = Standard
      Quick Scan
      Using ControlSet: ControlSet001
       
      ========== Win32 Services (SafeList) ==========
       
      SRV - File not found [Auto] --  -- (ssrcc)
      SRV - File not found [Auto] --  -- (msrvc)
      SRV - File not found [Auto] --  -- (DNTVSchedulerPro)
      SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
      SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
      SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
      SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
      SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
      SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
       
      IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
      IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
       
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
       
      [2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
       
      O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
      O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
      O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
      O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
      O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
      O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
      O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
      O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
       
      NetSvcs: 6to4 -  File not found
      NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/24 14:13:42 | 000,000,000 | ---D | M]
      NetSvcs: Iprip -  File not found
      NetSvcs: Irmon -  File not found
      NetSvcs: NWCWorkstation -  File not found
      NetSvcs: Nwsapagent -  File not found
      NetSvcs: WmdmPmSp -  File not found
       
      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 2
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 0
       
      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PEVSystemStart - Service
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: procexp90.Sys - Driver
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
      SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
      SafeBootMin: sermouse.sys - Driver
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vds - Service
      SafeBootMin: vga.sys - Driver
      SafeBootMin: WdfLoadGroup -
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
       
      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: PCI Configuration - Driver Group
      SafeBootNet: PEVSystemStart - Service
      SafeBootNet: PNP Filter - Driver Group
      SafeBootNet: PNP_TDI - Driver Group
      SafeBootNet: Primary disk - Driver Group
      SafeBootNet: procexp90.Sys - Driver
      SafeBootNet: SCSI Class - Driver Group
      SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
      SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
      SafeBootNet: sermouse.sys - Driver
      SafeBootNet: Streams Drivers - Driver Group
      SafeBootNet: System Bus Extender - Driver Group
      SafeBootNet: TDI - Driver Group
      SafeBootNet: vga.sys - Driver
      SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
      SafeBootNet: WdfLoadGroup -
      SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
      SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
       
      ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
      ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
      ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
      ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
      ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
      ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
      ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
      ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
      ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
      ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
      ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
      ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
      ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
      ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
      ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
      ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
      ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
      ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
      ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
      ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
      ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
      ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
      ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
      ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
      ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
      ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
      ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
      ActiveX: {7131646d-cd3c-40f4-97b9-cd9e4e6262ef} - .NET Framework
      ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
      ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
      ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
      ActiveX: {89b4c1cd-b018-4511-b0a1-5476dbf70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
      ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
      ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
      ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
      ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
      ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
      ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
      ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
      ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
      ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
      ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
      ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
      ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
      ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
      ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
      ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
       
      Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
      Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
      Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
      Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
      Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
      Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
      Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
      Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
      Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
      Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
      Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
      Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
      Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
      Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
      Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
      Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
      Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
      Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
      Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
      Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
      Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
      Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
      Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
      Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
      Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
       
      ========== Files/Folders - Created Within 14 Days ==========
       
      [2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
      [2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
      [2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
      [2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
      [2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
      [2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
      [2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
      [2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
      [2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
      [2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
      [2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
      [2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
      [2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
      [2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
      [2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      [2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
      [2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
      [2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/26 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CS Chung\Application Data\Logitech
      [2010/02/26 18:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files - Modified Within 14 Days ==========
       
      [2010/03/10 20:21:20 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
      [2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
      [2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
      [2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
      [2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
      [2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
      [2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
      [2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
      [2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
      [2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
      [2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
      [2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
      [2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
      [2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
      [2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [2010/02/27 01:53:10 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:40:38 | 000,149,440 | ---- | M] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2010/02/26 20:01:07 | 000,638,548 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:32:31 | 003,729,202 | -H-- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\IconCache.db
      [2010/02/26 06:13:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #50 on: March 10, 2010, 11:31:15 PM »
      [2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
      [2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
      [2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
      [2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
      [2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
      [2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
      [2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
      [2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
      [2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
      [2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/27 01:52:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\test.doc
      [2010/02/26 23:06:08 | 004,121,899 | R--- | C] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/02/26 19:55:08 | 000,638,548 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\GetSystemInfo_CSC2_S Chung_2010_02_27_11_54_57.zip
      [2010/02/26 18:36:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\WhoCrashed.lnk
      [2010/02/26 06:13:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
      [2010/02/26 01:07:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\S Chung\My Documents\~$THS PROBLEMS Part 4.doc
      [2010/02/26 00:47:19 | 000,085,797 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Cheetah-Anti-Rogue.cmd
      [2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
      [2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
      [2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
      [2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
      [2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
      [2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
      [2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
      [2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
      [2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
      [2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
      [2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
      [2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
      [2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
      [2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
      [2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
      [2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
      [2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
      [2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
      [2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
      [2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
      [2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
      [2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
      [2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
      [2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
      [2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
      [2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
      [2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
      [2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
      [2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
      [2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
      [2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
      [2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
      [2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
      [2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
      [2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
      [2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
      [2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
      [2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
      [2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
      [2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
      [2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
      [2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
      [2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
       
      ========== LOP Check ==========
       
      [2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
      [2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
      [2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
      [2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
      [2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
      [2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
      [2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
      [2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
      [2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
      [2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
      [2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
      [2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
      [2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
      [2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
      [2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
      [2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
      [2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
      [2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
      [2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
      [2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
      [2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
      [2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
      [2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
       
      < %SYSTEMDRIVE%\*.exe >
       
      < %systemroot%\*. /mp /s >
       
      < c:\$recycle.bin\*.* /s >
       
      < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-07 06:57:23
       
       
      < MD5 for: AGP440.SYS  >
      [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
      [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
      [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\maxdriver\agp440.sys
      [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
      [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\agp440.sys
      [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
      [2004/08/03 07:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
       
      < MD5 for: ATAPI.SYS  >
      [2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
      [2009/10/24 17:20:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=2A7506584BB54EB87CA6F1BCF1DBBE15 -- C:\WINDOWS\maxdriver\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\ComboFix\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
      [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
      [2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
       
      < MD5 for: AUTOCHK.EXE  >
      [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
      [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
      [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\autochk.exe
      [2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
      [2004/08/04 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
       
      < MD5 for: BEEP.SYS  >
      [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
      [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\maxdriver\beep.sys
      [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
      [2004/08/04 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys
       
      < MD5 for: EVENTLOG.DLL  >
      [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
      [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
      [2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
       
      < MD5 for: EXPLORER.EXE  >
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
      [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\explorer.exe
      [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
      [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
      [2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
       
      < MD5 for: IMM32.DLL  >
      [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ERDNT\cache\imm32.dll
      [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
      [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\imm32.dll
      [2008/04/13 19:11:54 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
      [2004/08/04 07:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
       
      < MD5 for: KERNEL32.DLL  >
      [2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
      [2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
      [2004/08/04 07:00:00 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
      [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\ERDNT\cache\kernel32.dll
      [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
      [2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
      [2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
      [2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
      [2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\kernel32.dll
      [2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll
       
      < MD5 for: LOGEVENT.DLL  >
      [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll
       
      < MD5 for: MSWSOCK.DLL  >
      [2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
      [2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
      [2004/08/04 07:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
      [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
      [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
      [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\dllcache\mswsock.dll
      [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\system32\mswsock.dll
      [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
      [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
      [2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\mswsock.dll
      [2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
       
      < MD5 for: NDIS.SYS  >
      [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
      [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\maxdriver\ndis.sys
      [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
      [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ndis.sys
      [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
      [2004/08/04 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
       
      < MD5 for: NETLOGON.DLL  >
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
      [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
       
      < MD5 for: NTFS.SYS  >
      [2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
      [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
      [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\maxdriver\ntfs.sys
      [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
      [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntfs.sys
      [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
      [2004/08/03 07:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
      [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
      [2004/08/04 07:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
       
      < MD5 for: NTMSSVC.DLL  >
      [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ERDNT\cache\ntmssvc.dll
      [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
      [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ntmssvc.dll
      [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
      [2004/08/04 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll
       
      < MD5 for: PROQUOTA.EXE  >
      [2004/08/04 07:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
      [2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
      [2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\proquota.exe
      [2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe
       
      < MD5 for: QMGR.DLL  >
      [2004/08/04 07:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
      [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
      [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
      [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\qmgr.dll
      [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
      [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
       
      < MD5 for: SCECLI.DLL  >
      [2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
      [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
      [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
      [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\scecli.dll
      [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
       
      < MD5 for: SFCFILES.DLL  >
      [2004/08/04 07:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
      [2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
      [2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
      [2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\sfcfiles.dll
      [2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll
       
      < MD5 for: SPOOLSV.EXE  >
      [2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
      [2004/08/04 07:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
      [2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
      [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
      [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
      [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\spoolsv.exe
      [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\system32\spoolsv.exe
       
      < MD5 for: SRSVC.DLL  >
      [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ERDNT\cache\srsvc.dll
      [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
      [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\srsvc.dll
      [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
      [2004/08/04 07:00:00 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll
       
      < MD5 for: SVCHOST.EXE  >
      [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
      [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
      [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\svchost.exe
      [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
      [2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
       
      < MD5 for: TERMSRV.DLL  >
      [2004/08/04 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
      [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ERDNT\cache\termsrv.dll
      [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
      [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\termsrv.dll
      [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll
       
      < MD5 for: USERINIT.EXE  >
      [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
       
      < MD5 for: WS2_32.DLL  >
      [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
      [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
      [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\ws2_32.dll
      [2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
      [2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
       
      < MD5 for: XMLPROV.DLL  >
      [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ERDNT\cache\xmlprov.dll
      [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
      [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\xmlprov.dll
      [2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
      [2004/08/04 07:00:00 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll
       
      < %systemroot%\system32\*.dll /lockedfiles >
      [2008/06/20 12:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
      [2009/12/21 14:14:02 | 011,070,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
      [2009/12/21 14:14:03 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
      [2008/04/13 19:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
      [2008/04/13 19:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
      [2008/06/17 14:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
      [9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
       
      < %systemroot%\Tasks\*.job /lockedfiles >
      < End of report >

      Dr Jay

      Re: Google Redirect
      « Reply #51 on: March 11, 2010, 07:04:48 PM »
      Please run OTLPE.
      • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



        :files
        C:\WINDOWS\system32\eventlog.dll|C:\WINDOWS\ServicePackFiles\i386\eventlog.dll /replace


      • Return to OTLPE, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

      • Click the red Run Fix button.
      • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
      • Close OTLPE
      If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #52 on: March 12, 2010, 01:02:41 AM »
      ========== FILES ==========
      File C:\WINDOWS\system32\eventlog.dll successfully replaced with C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
       
      OTLPE by OldTimer - Version 3.1.35.0 log created on 03122010_162834

      When will my PC be able to boot from XP again?

      Dr Jay

      Re: Google Redirect
      « Reply #53 on: March 12, 2010, 07:25:52 AM »
      Did you try it? Try it real quick.
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #54 on: March 12, 2010, 03:03:02 PM »
      When it gets to here..... the computer restarts.



      [Saving space, attachment deleted by admin]

      Dr Jay

      Re: Google Redirect
      « Reply #55 on: March 12, 2010, 07:15:16 PM »
      Oh ok.

      Open OTLPE, place the following in and hit quick scan:

      /md5start
      userinit.exe
      netlogon.dll
      /md5stop



      Post the log.
      ~Dr Jay
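The /md5start ... /md5stop scan requested above yields "< MD5 for: ... >" sections like the ones earlier in this thread. The following is an added example, not part of the thread and not OTL's own code: it parses such sections and compares each live copy (in %SystemRoot%, system32 or system32\drivers) against the copies under ServicePackFiles\i386 and system32\dllcache. The choice of those reference folders, the verdict names, and the SAMPLE.DLL and LOCKED.DLL lines are assumptions made for the example; the KERNEL32.DLL and USERINIT.EXE lines are copied from the log above.

```python
import ntpath
import re

SECTION_RE = re.compile(r"^\s*< MD5 for: (\S+)\s*>\s*$")
ENTRY_RE = re.compile(
    r"^\s*\[[^\]]*\] \([^)]*\) "
    r"(?:MD5=([0-9A-Fa-f]{32})|Unable to obtain MD5) -- (.+?)\s*$"
)

# Folders (drive letter stripped, lower-cased) treated as "live" and "reference".
# Assumption for this example: the reference copies are trusted only as far as
# the disk itself is; a match is a triage hint, not proof that the file is clean.
LIVE_DIRS = {"\\windows", "\\windows\\system32", "\\windows\\system32\\drivers"}
REFERENCE_DIRS = {"\\windows\\servicepackfiles\\i386",
                  "\\windows\\system32\\dllcache"}


def folder_of(path):
    """Lower-cased parent folder of a Windows path, without the drive letter."""
    return ntpath.dirname(ntpath.splitdrive(path)[1]).lower()


def parse_md5_sections(text):
    """Return {FILE NAME: [(md5 or None, path), ...]} for every MD5 section."""
    sections, current = {}, None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1).upper(), [])
            continue
        if line.strip().startswith("<"):
            current = None          # some other scan section; stop collecting
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            md5 = entry.group(1).upper() if entry.group(1) else None
            current.append((md5, entry.group(2)))
    return sections


def triage(sections):
    """Classify each file by comparing live hashes with reference hashes."""
    verdicts = {}
    for name, entries in sections.items():
        live = [md5 for md5, path in entries if folder_of(path) in LIVE_DIRS]
        refs = {md5 for md5, path in entries
                if md5 and folder_of(path) in REFERENCE_DIRS}
        if not live:
            verdicts[name] = "no-live-copy"
        elif any(md5 is None for md5 in live):
            verdicts[name] = "unhashed"        # locked file, hash unavailable
        elif not refs:
            verdicts[name] = "no-reference"
        elif all(md5 in refs for md5 in live):
            verdicts[name] = "matches-reference"
        else:
            verdicts[name] = "mismatch"        # worth a closer look
    return verdicts


# Lines copied from the log in this thread.
PAGE_LINES = r"""
< MD5 for: KERNEL32.DLL  >
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll

< MD5 for: USERINIT.EXE  >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
"""

# Constructed lines (not from the thread): a live copy that differs from its
# reference copy, and a live copy whose hash could not be read.
STAMP = "[2008/04/13 19:12:00 | 000,010,000 | ---- | M] (Microsoft Corporation) "
CONSTRUCTED = "\n".join([
    "< MD5 for: SAMPLE.DLL  >",
    STAMP + "MD5=" + "1" * 32 + r" -- C:\WINDOWS\ServicePackFiles\i386\sample.dll",
    STAMP + "MD5=" + "0" * 32 + r" -- C:\WINDOWS\system32\sample.dll",
    "",
    "< MD5 for: LOCKED.DLL  >",
    STAMP + "MD5=" + "2" * 32 + r" -- C:\WINDOWS\ServicePackFiles\i386\locked.dll",
    STAMP + r"Unable to obtain MD5 -- C:\WINDOWS\system32\locked.dll",
])

SAMPLE = PAGE_LINES + "\n" + CONSTRUCTED + "\n"

if __name__ == "__main__":
    for name, verdict in sorted(triage(parse_md5_sections(SAMPLE)).items()):
        print(f"{name:14} {verdict}")
```

KERNEL32.DLL matches only because dllcache is treated as a reference: the live copy is newer than the ServicePackFiles copy, as happens after a hotfix.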

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #56 on: March 12, 2010, 10:48:37 PM »
      OTL logfile created on: 3/13/2010 4:17:23 PM - Run
      OTLPE by OldTimer - Version 3.1.35.0     Folder = X:\Programs\OTLPE
      Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
       
      2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
      2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
       
      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 64.74 Gb Total Space | 15.67 Gb Free Space | 24.21% Space Free | Partition Type: NTFS
      Drive D: | 39.06 Gb Total Space | 20.66 Gb Free Space | 52.89% Space Free | Partition Type: NTFS
      Drive E: | 45.25 Gb Total Space | 11.29 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
      Drive F: | 39.06 Gb Total Space | 4.55 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
      Drive G: | 199.73 Gb Total Space | 135.39 Gb Free Space | 67.79% Space Free | Partition Type: NTFS
      Drive H: | 296.53 Gb Total Space | 13.07 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
      Drive I: | 329.06 Gb Total Space | 214.31 Gb Free Space | 65.13% Space Free | Partition Type: NTFS
      Drive J: | 3.75 Gb Total Space | 1.63 Gb Free Space | 43.45% Space Free | Partition Type: FAT32
      Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
       
      Computer Name: REATOGO
      Current User Name: SYSTEM
      Logged in as Administrator.
       
      Current Boot Mode: Normal
      Scan Mode: All users
      Company Name Whitelist: On
      Skip Microsoft Files: On
      File Age = 14 Days
      Output = Standard
      Quick Scan
      Using ControlSet: ControlSet001
       
      ========== Win32 Services (SafeList) ==========
       
      SRV - File not found [Auto] --  -- (ssrcc)
      SRV - File not found [Auto] --  -- (msrvc)
      SRV - File not found [Auto] --  -- (DNTVSchedulerPro)
      SRV - [2010/02/19 03:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
      SRV - [2010/02/11 13:53:39 | 000,040,384 | ---- | M] (ALWIL Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
      SRV - [2010/01/07 00:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
      SRV - [2009/11/09 18:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
      SRV - [2009/11/05 22:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
      SRV - [2009/10/29 19:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
      SRV - [2009/07/19 20:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
      SRV - [2009/05/18 20:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
      SRV - [2009/02/15 09:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
      SRV - [2001/04/05 22:57:46 | 000,238,080 | ---- | M] (O&O Software GmbH) [Auto] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)
       
       
      ========== Standard Registry (SafeList) ==========
       
       
      ========== Internet Explorer ==========
       
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
      IE - HKLM\Software\Microsoft\Internet Explorer\Search,Local Page Restore =
       
       
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\CS_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
       
      IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
      IE - HKU\M_Chung_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
      IE - HKU\M_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
       
       
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
      IE - HKU\S_Chung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
       
       
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/10/14 06:33:02 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 02:47:10 | 000,000,000 | ---D | M]
      FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/21 02:47:09 | 000,000,000 | ---D | M]
       
      [2010/03/06 06:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
      [2009/06/08 06:29:36 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
       
      O1 HOSTS File: ([2010/02/04 03:21:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1       localhost
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
      O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\CS_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\M_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKU\S_Chung_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
      O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
      O4 - HKLM..\Run: [DNTVSchedulerProTray Icon] C:\Program Files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe (Renura Enterprises Pty Ltd)
      O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
      O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
      O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
      O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
      O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
      O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
      O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
      O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
      O4 - HKU\S_Chung_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
      O4 - HKU\S_Chung_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
      O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
      O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\CS_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\LocalService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\M_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\NetworkService.NT_AUTHORITY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKU\S_Chung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256421470390 (WUWebControl Class)
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
      O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
      O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
      O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2005/04/06 08:15:00 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
      O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
      O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
       
      ========== Files/Folders - Created Within 14 Days ==========
       
      [2010/03/09 22:27:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R
      [2010/03/07 05:14:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2010/03/07 05:14:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2010/03/07 05:14:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2010/03/07 05:14:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2010/03/07 05:13:55 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2010/03/07 04:39:30 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2010/03/06 23:37:55 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
      [2010/03/06 23:37:54 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
      [2010/03/06 23:37:53 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
      [2010/03/06 23:37:53 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
      [2010/03/06 23:37:53 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
      [2010/03/06 23:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
      [2010/03/06 23:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
      [2010/03/06 23:36:29 | 000,000,000 | ---D | C] -- C:\ATI
      [2010/03/06 23:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
      [2010/03/05 23:41:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\maxdriver
      [2010/03/05 18:03:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
      [2010/03/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\Application Data\mIRC
      [2010/03/03 05:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\S Chung\My Documents\8R Buttons
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
      [2010/03/02 04:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NSS\0207000.034
      [2010/03/02 04:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      [2010/03/02 03:08:38 | 000,000,000 | ---D | C] -- C:\_OTS
      [2010/03/02 02:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
      [2010/02/28 03:43:11 | 000,632,832 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files - Modified Within 14 Days ==========
       
      [2010/03/12 16:28:51 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:08 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
      [2010/03/07 05:43:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2010/03/07 05:43:00 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\S Chung\NTUSER.DAT
      [2010/03/07 05:42:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\S Chung\ntuser.ini
      [2010/03/07 05:31:10 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2010/03/07 05:30:24 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
      [2010/03/07 05:30:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
      [2010/03/07 05:29:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2010/03/07 05:29:26 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
      [2010/03/07 05:29:25 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
      [2010/03/07 05:00:18 | 004,121,899 | R--- | M] () -- C:\Documents and Settings\S Chung\Desktop\ComboFix.exe
      [2010/03/07 04:14:37 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\maths PROBLEMS Part 4.doc
      [2010/03/06 23:13:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\WININIT.INI
      [2010/03/06 22:21:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/06 00:52:28 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\CS Chung\ntuser.dat.rmbak
      [2010/03/06 00:52:28 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.rmbak
      [2010/03/06 00:51:45 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\S Chung\ntuser.dat.rmbak
      [2010/03/06 00:51:17 | 003,731,456 | ---- | M] () -- C:\Documents and Settings\M Chung\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,774,144 | ---- | M] () -- C:\Documents and Settings\Guest\NTUSER.DAT
      [2010/03/06 00:51:17 | 000,462,848 | ---- | M] () -- C:\Documents and Settings\Administrator\s-1-5-21-1935655697-688789844-1801674531-500.rrr
      [2010/03/06 00:51:15 | 003,702,784 | ---- | M] () -- C:\Documents and Settings\CS Chung\NTUSER.DAT
      [2010/03/06 00:50:53 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\s-1-5-19.rrr
      [2010/03/05 20:13:49 | 000,007,410 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:00:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\CS Chung\ntuser.ini
      [2010/03/05 17:59:52 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/05 17:59:22 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2010/03/05 17:59:22 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2010/03/05 05:40:27 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:08:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
      [2010/03/04 03:05:24 | 000,060,056 | ---- | M] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:52 | 001,138,992 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:21 | 000,172,335 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:40 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 07:24:28 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/02 05:45:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:28 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/28 03:43:15 | 000,632,832 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\S Chung\Desktop\OTS.exe
      [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [6 C:\Documents and Settings\M Chung\My Documents\*.tmp files -> C:\Documents and Settings\M Chung\My Documents\*.tmp -> ]
      [32 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [14 C:\Documents and Settings\S Chung\My Documents\*.tmp files -> C:\Documents and Settings\S Chung\My Documents\*.tmp -> ]
       
      ========== Files Created - No Company Name ==========
       
      [2010/03/07 05:14:08 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2010/03/07 05:14:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2010/03/07 05:14:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2010/03/07 05:14:08 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2010/03/07 05:14:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2010/03/06 23:44:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
      [2010/03/06 23:37:55 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
      [2010/03/06 23:37:54 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
      [2010/03/06 23:37:53 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
      [2010/03/06 23:37:53 | 000,198,341 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
      [2010/03/06 23:37:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
      [2010/03/06 23:37:53 | 000,031,240 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
      [2010/03/06 23:37:53 | 000,020,274 | ---- | C] () -- C:\WINDOWS\atiogl.xml
      [2010/03/06 23:37:53 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
      [2010/03/06 06:43:07 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Combat Arms.lnk
      [2010/03/05 20:13:47 | 000,007,410 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100306_121346.reg
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 17:45:39 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 06:47:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
      [2010/03/04 05:33:46 | 000,038,197 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex1.swf
      [2010/03/04 05:11:47 | 000,086,038 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\flashvortex.swf
      [2010/03/04 03:04:41 | 000,060,056 | ---- | C] () -- C:\Documents and Settings\CS Chung\My Documents\cc_20100304_190440.reg
      [2010/03/04 00:40:51 | 001,138,992 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\maxlook.exe
      [2010/03/03 03:56:20 | 000,172,335 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\avatar_1218.gif
      [2010/03/03 00:41:39 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\Win32kDiag.exe
      [2010/03/02 05:45:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SUPERAntiSpyware Free Edition.lnk
      [2010/03/02 05:45:24 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\SUPERAntiSpyware.exe
      [2010/03/02 05:41:16 | 000,000,476 | ---- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for S Chung.job
      [2010/03/02 04:08:56 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NSS\0207000.034\isolate.ini
      [2010/03/02 03:16:23 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\S Chung\Desktop\SystemLook.exe
      [2010/03/02 02:52:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\S Chung\My Documents\China Essay.doc
      [2010/03/01 06:21:08 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
      [2010/02/23 06:16:57 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
      [2010/02/23 06:16:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
      [2010/02/16 04:48:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
      [2010/02/16 04:48:18 | 000,017,984 | ---- | C] () -- C:\WINDOWS\System32\WinFLdrv.sys
      [2010/02/16 04:48:17 | 000,000,990 | -HS- | C] () -- C:\Documents and Settings\S Chung\Application Data\systemfl.$dk
      [2010/02/16 01:37:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
      [2010/01/25 22:08:06 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
      [2010/01/25 00:03:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
      [2009/12/14 23:08:59 | 000,000,355 | ---- | C] () -- C:\WINDOWS\Sonic3K.INI
      [2009/12/14 03:02:54 | 000,075,600 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\ReplayMusicLog.log
      [2009/11/24 05:45:51 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
      [2009/11/23 06:02:51 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
      [2009/11/09 14:17:25 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\housecall.guid.cache
      [2009/10/26 06:13:43 | 000,000,068 | ---- | C] () -- C:\WINDOWS\MyProg.ini
      [2009/10/24 04:07:25 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
      [2009/09/10 19:00:34 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
      [2009/08/03 00:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
      [2009/07/28 06:28:32 | 000,305,408 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
      [2009/07/25 05:36:54 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\fusioncache.dat
      [2009/07/24 04:00:27 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
      [2009/07/04 00:06:18 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\fusioncache.dat
      [2009/05/27 05:40:54 | 000,001,814 | ---- | C] () -- C:\WINDOWS\HprSnap.INI
      [2009/05/26 04:19:33 | 000,000,051 | ---- | C] () -- C:\WINDOWS\WININIT.INI
      [2009/05/22 08:10:40 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
      [2009/05/22 08:10:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
      [2008/11/11 15:59:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
      [2008/11/05 06:58:55 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
      [2008/10/11 17:36:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\REGPSD20.INI
      [2008/10/11 17:36:11 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
      [2008/10/11 17:36:06 | 000,000,778 | ---- | C] () -- C:\WINDOWS\PSDEWIN.INI
      [2008/10/11 17:36:06 | 000,000,080 | ---- | C] () -- C:\WINDOWS\psdxport.ini
      [2008/08/18 16:07:05 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\CS Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2008/07/03 02:38:01 | 000,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
      [2008/07/03 02:38:01 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\PnkBstrK.sys
      [2008/01/28 06:05:33 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
      [2007/12/06 00:59:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\M Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/10/22 04:47:36 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\S Chung\Application Data\AVSDVDPlayer.m3u
      [2007/09/08 02:06:57 | 000,000,745 | ---- | C] () -- C:\WINDOWS\CoD.INI
      [2007/08/25 00:38:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\CS Chung\Application Data\AVSDVDPlayer.m3u
      [2007/08/04 06:51:55 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
      [2007/07/04 06:26:05 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\S Chung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2007/06/30 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
      [2007/06/27 02:11:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
      [2007/06/18 05:09:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2007/06/15 05:12:31 | 000,087,808 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
      [2007/06/15 04:01:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7M.DLL
      [2007/06/14 06:28:12 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
      [2004/11/28 17:09:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT4.dll
      [2004/11/28 17:05:56 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT3.dll
      [2004/11/27 23:28:03 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT2.dll
      [2004/11/27 23:11:01 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\DNT1.dll
      [2004/08/03 19:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
      [2003/07/08 07:04:46 | 000,000,015 | ---- | C] () -- C:\WINDOWS\System32\caacedfedaadeca.dll
       
      ========== LOP Check ==========
       
      [2009/05/30 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Canon
      [2008/06/29 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\CD-LabelPrint
      [2009/07/25 05:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Cuttermaran
      [2009/01/28 02:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\HiYo
      [2009/07/28 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\Pegasys Inc
      [2009/11/09 14:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\QuickScan
      [2009/08/09 08:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDo-TVSuite
      [2009/08/05 07:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CS Chung\Application Data\VideoReDoPlus
      [2009/02/28 18:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\HiYo
      [2009/07/24 18:49:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\My Battle for Middle-earth Files
      [2007/07/01 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Sierra
      [2007/11/24 06:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\M Chung\Application Data\Thunderbird
      [2009/11/25 06:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Any Video Converter
      [2010/01/29 02:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Auslogics
      [2010/01/25 01:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Error Fix
      [2010/01/22 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Leadertech
      [2009/11/26 03:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Mp3tag
      [2009/12/13 22:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\My Battle for Middle-earth(tm) II Files
      [2009/11/19 05:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Registry Mechanic
      [2010/01/25 00:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\ScanSoft
      [2010/01/25 23:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Simply Super Software
      [2009/11/19 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\Ubisoft
      [2010/03/05 07:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\S Chung\Application Data\uTorrent
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
      [2010/03/05 18:57:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
      [2010/03/01 06:21:08 | 000,000,490 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
       
      ========== Purity Check ==========
       
       
       
      ========== Custom Scans ==========
       
       
       
      < MD5 for: NETLOGON.DLL  >
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\netlogon.dll
      [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
      [2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
       
      < MD5 for: USERINIT.EXE  >
      [2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\userinit.exe
      [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
      < End of report >

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #57 on: March 14, 2010, 05:03:50 AM »
      Can u sorta hurry up a bit.... All I wanted is to remove the redirect problem and instead I get a PC which can't even load XP anymore...

      I would've preferred a PC which actually works but has a virus over one which doesn't. So I don't care if u just restore everything to what it was earlier, even if it has a rootkit. I just want my XP working.

      Dr Jay

      • Malware Removal Specialist


      Re: Google Redirect
      « Reply #58 on: March 15, 2010, 01:34:17 PM »
      Umm... the rootkit shut your computer down. So, if you were not to get help like this, then your PC would eventually not have booted anymore.

      You're going to need a program called TestDisk. It's a free and open source disk recovery program.

      Step 1: Download the TestDisk executable here: Download and save it to a flash drive.
      Step 2: On the Reatogo desktop, extract the downloaded zip file using your favorite archive extractor.
      Step 3: Double-click on the testdisk_win.exe file (found in the win folder of the extracted archive)
      Step 4: You will now be at a scary looking text-based command window:

      Press Enter here to create a new log file.

      Step 5: TestDisk will now detect all local hard drives, and present them in a list like this:

      You have indicated that there is only one hard drive attached to your computer, with two partitions. So, use the arrow (up and down) keys to highlight the disk called /dev/sda.

      Note: If /dev/sda isn't listed or you have more than one hard drive, STOP and post back here.

      With /dev/sda selected, press Enter

      Step 6: Now we need to specify the type of partitions that are on your disk. Select Intel (even if you have an AMD processor).

      Press Enter.

      Step 7: Select Analyse and press Enter.


      Quit TestDisk by pressing Q. Post me the testdisk log please (it can be found in the win folder).
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #59 on: March 15, 2010, 11:17:23 PM »
      ======== EDIT ========

      Don't worry about this. I don't know how to delete this post.
      « Last Edit: March 16, 2010, 12:15:02 AM by Kerjifire »

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #60 on: March 16, 2010, 01:57:36 AM »
       :-\ I hope I did this right:



      Tue Mar 16 22:57:05 2010
      Command line: TestDisk

      TestDisk 6.11.3, Data Recovery Utility, May 2009
      Christophe GRENIER <[email protected]>
      http://www.cgsecurity.org
      OS: Windows XP
      Compiler: GCC 4.3, Cygwin 1005.25 - May  6 2009 20:35:43
      ext2fs lib: 1.41.4, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sda)=160040803840
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdb)=1000203804160
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(/dev/sdc)=2019557376
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive0)=160040803840
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive1)=1000203804160
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\PhysicalDrive2)=2019557376
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\C:)=69511809024
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\D:)=114027024384
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\E:)=48586728960
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\F:)=41940702720
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\G:)=214457725440
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\H:)=318392363520
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\I:)=353325127680
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\J:)=2015363072
      disk_get_size_win32 IOCTL_DISK_GET_LENGTH_INFO(\\.\X:)=290244608
      file_pread(4,1,buffer,312592769(19457/254/63)) lseek err Invalid argument
      file_pread(5,1,buffer,1953536129(121601/254/63)) lseek err Invalid argument
      file_pread(6,1,buffer,3951989(245/254/63)) lseek err Invalid argument
      Hard disk list
      Disk /dev/sda - 160 GB / 149 GiB - CHS 19457 255 63, sector size=512 - WDC WD1600JD-00HBB0
      Disk /dev/sdb - 1000 GB / 931 GiB - CHS 121601 255 63, sector size=512 - SAMSUNG HD103UJ
      Disk /dev/sdc - 2019 MB / 1926 MiB - CHS 245 255 63, sector size=512 - JetFlash Transcend 2GB
      Drive X: - 290 MB / 276 MiB - CHS 69 64 32, sector size=2048 - PIONEER DVD-RW  DVR-109

      Partition table type (auto): Intel
      Disk /dev/sda - 160 GB / 149 GiB - WDC WD1600JD-00HBB0
      Partition table type: Intel

      Analyse Disk /dev/sda - 160 GB / 149 GiB - CHS 19457 255 63
      Geometry from i386 MBR: head=255 sector=63
      NTFS at 0/1/1
      NTFS at 8451/0/1
      NTFS at 14358/0/1
      get_geometry_from_list_part_aux head=255 nbr=6
      get_geometry_from_list_part_aux head=8 nbr=1
      get_geometry_from_list_part_aux head=16 nbr=1
      get_geometry_from_list_part_aux head=32 nbr=1
      get_geometry_from_list_part_aux head=64 nbr=1
      get_geometry_from_list_part_aux head=128 nbr=1
      get_geometry_from_list_part_aux head=240 nbr=1
      get_geometry_from_list_part_aux head=255 nbr=6
      Current partition structure:
       1 * HPFS - NTFS              0   1  1  8450 254 63  135765252 [MAIN]
       2 P HPFS - NTFS           8451   0  1 14357 254 63   94895955 [GAMES]
       3 P HPFS - NTFS          14358   0  1 19456 254 63   81915435 [PHOTOS]

      Dr Jay

      Re: Google Redirect
      « Reply #61 on: March 16, 2010, 11:00:21 AM »
      Ok. I hope this will work now.

      Please run OTLPE.
      • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :files
      C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ERDNT\cache\atapi.sys /replace

      :commands
      [reboot]
      • Return to OTLPE, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

      • Click the red Run Fix button.
      • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
      • Close OTLPE
      If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

      Then, let me know if it can boot.
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #62 on: March 17, 2010, 04:05:05 AM »
       The OTLPE won't close unless I select YES to reboot. After I Click YES it won't reboot, or do I needa wait like 1 hour or something?

      Dr Jay

      Re: Google Redirect
      « Reply #63 on: March 17, 2010, 02:01:15 PM »
      Did you try to manually reboot?
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #64 on: March 18, 2010, 12:48:53 AM »
      After manual reset, it still can't boot  :(

      Dr Jay

      Re: Google Redirect
      « Reply #65 on: March 18, 2010, 08:43:25 AM »
      Try the fix once more, and attempt a reboot again, please.
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #66 on: March 19, 2010, 05:53:18 AM »
      same result as above  :'(

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #67 on: March 20, 2010, 04:18:13 PM »
      YEEESSSS!!!!!  :D

      I got it to boot up again. Here's how I did it. When I turned it on, I pressed F8 to load up the Safe Mode, Safe Mode with Networking menu thing. Then I selected Boot with Last Known Working Settings and it booted up normally. Then I ran the OTL thing and replaced it and reset and now it works :D

      Now can u help me with updating my Malwarebytes. It comes up with this:



      [Saving space, attachment deleted by admin]

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #68 on: March 20, 2010, 08:34:38 PM »
      I changed antiviruses so that wouldn't happen again to Avira Antivir
      Also should I be worried by this:

      [Saving space, attachment deleted by admin]

      Dr Jay

      Re: Google Redirect
      « Reply #69 on: March 20, 2010, 09:13:00 PM »
      Good job. ;D

      1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
      2. Restart your computer (very important).
      3. Download and run this utility.
      4. It will ask to restart your computer (please allow it to).
      5. After the computer restarts, install the latest version from here.

      Open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
      ~Dr Jay

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #70 on: March 20, 2010, 10:29:54 PM »
      The thing is I can't access the Malwarebytes site or the Superantispyware. It comes up with Problem Loading Page. I'll download MBclean from another PC

      Malwarebytes did not update.


      Malwarebytes' Anti-Malware 1.44
      Database version: 3510
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      21/03/2010 4:20:06 PM
      mbam-log-2010-03-21 (16-20-06).txt

      Scan type: Quick Scan
      Objects scanned: 174234
      Time elapsed: 9 minute(s), 57 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)
      « Last Edit: March 20, 2010, 11:17:45 PM by Kerjifire »

      Kerjifire

      • Guest
      Re: Google Redirect
      « Reply #71 on: March 21, 2010, 05:27:55 AM »
      My new antivirus: Avira Antivira detected atapi.sys as a malware.

      Here's log:



      Avira AntiVir Personal
      Report file date: Sunday, 21 March 2010  21:37

      Scanning for 1879445 virus strains and unwanted programs.

      Licensee        : Avira AntiVir Personal - FREE Antivirus
      Serial number   : 0000149996-ADJIE-0000001
      Platform        : Windows XP
      Windows version : (Service Pack 3)  [5.1.2600]
      Boot mode       : Normally booted
      Username        : S Chung
      Computer name   : CSC2


      Configuration settings for the scan:
      Jobname.............................: Manual Selection
      Configuration file..................: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir Desktop\PROFILES\folder.avp
      Logging.............................: low
      Primary action......................: interactive
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:,
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: Intelligent file selection
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium

      Start of the scan: Sunday, 21 March 2010  21:37

      Starting search for hidden objects.
      c:\windows\system32\sys_drv.dat
          [INFO]      The file is not visible.
          [NOTE]      A backup was created as '4c18f7de.qua'  ( QUARANTINE )
      c:\windows\system32\sys_drv_2.dat
          [INFO]      The file is not visible.
          [NOTE]      A backup was created as '4d9266d7.qua'  ( QUARANTINE )
      c:\windows\system32\winfldrv.sys
          [INFO]      The file is not visible.
          [NOTE]      A backup was created as '4c13f7ce.qua'  ( QUARANTINE )
      c:\documents and settings\s chung\application data\systemfl.$dk
          [INFO]      The file is not visible.
          [NOTE]      A backup was created as '4d961717.qua'  ( QUARANTINE )
      '68161' objects were checked, '4' hidden objects were found.

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'CCC.exe' - '1' Module(s) have been scanned
      Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
      Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
      Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
      Scan process 'jqs.exe' - '1' Module(s) have been scanned
      Scan process 'javaw.exe' - '1' Module(s) have been scanned
      Scan process 'WinManager.exe' - '1' Module(s) have been scanned
      Scan process 'wrapper.exe' - '1' Module(s) have been scanned
      Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'BDTUpdateService.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'MOM.exe' - '1' Module(s) have been scanned
      Scan process 'zlclient.exe' - '0' Module(s) have been scanned
      Scan process 'soundman.exe' - '1' Module(s) have been scanned
      Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'DNTVSchedulerProTray.exe' - '1' Module(s) have been scanned
      Scan process 'ForceField.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'ISWSVC.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'vsmon.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      45 processes with 45 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
          [INFO]      No virus was found!
      Master boot sector HD1
          [INFO]      No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
          [INFO]      No virus was found!

      Starting to scan executable files (registry).
      The registry was scanned ( '69' files ).


      Starting the file scan:

      Begin scan in 'C:\' <MAIN>
      C:\hiberfil.sys
          [WARNING]   The file could not be opened!
          [NOTE]      This file is a Windows system file.
          [NOTE]      This file cannot be opened for scanning.
      C:\pagefile.sys
          [WARNING]   The file could not be opened!
          [NOTE]      This file is a Windows system file.
          [NOTE]      This file cannot be opened for scanning.
      C:\Documents and Settings\S Chung\Desktop\ \Downloadz\zaSetup_91_007_002_en.exe
       
      • Archive type: ZIP SFX (self extracting)

          --> SWITCHUNINST_44ZONE LABS.EXE
            [1] Archive type: RSRC
          --> WINDOWS6.0-KB929547-V2-X64.MSU
            [1] Archive type: CAB (Microsoft)
            --> Windows6.0-KB929547-v2-x64.cab
              [WARNING]   No further files can be extracted from this archive. The archive will be closed
      C:\WINDOWS\maxdriver\atapi.sys
          [DETECTION] Is the TR/Patched.Gen Trojan

      Beginning disinfection:
      C:\WINDOWS\maxdriver\atapi.sys
          [DETECTION] Is the TR/Patched.Gen Trojan
          [NOTE]      The file was moved to '4c070349.qua'!


      End of the scan: Sunday, 21 March 2010  22:28
      Used time: 50:34 Minute(s)

      The scan has been done completely.

        13146 Scanned directories
       564106 Files were scanned
            1 Viruses and/or unwanted programs were found
            0 Files were classified as suspicious
            0 files were deleted
            0 Viruses and unwanted programs were repaired
            5 Files were moved to quarantine
            0 Files were renamed
            2 Files cannot be scanned
       564103 Files not concerned
         4673 Archives were scanned
            3 Warnings
            7 Notes
        68161 Objects were scanned with rootkit scan
            4 Hidden objects were found


      Dr Jay

      Re: Google Redirect
      « Reply #72 on: March 21, 2010, 01:33:32 PM »
      I already knew that. :P

      Luckily it did not detect the legit one (C:\windows\system32\atapi.sys)

      That is the same infection that is continually giving the Google Redirects. Let's put its book on the shelf. ;D

      • Please download maxlook and save the file to your desktop.
        • Double click maxlook.exe to run it. Note - you must run it only once!
        • As instructed when the tool runs, restart the computer and logon to the Recovery Console.
      • Start the Recovery Console directly from the Windows XP CD by doing the following:
        • Insert the Windows XP cd in your computer.
        • Restart your computer so you are booting off of the CD.
        • When the Welcome to Setup screen appears, press the R button on your keyboard to start the Recovery Console.
        • The Recovery Console will start and ask you which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press enter.
        • It will then prompt you for the Administrator's password. If there is no password, simply press enter. Otherwise type in the password and then press enter. If you do not know your password then see this.
        • If you entered the correct password you will now be presented with a C:\Windows> prompt and you can start using the Recovery Console.
      • Type the following bolded command at the C:\windows> prompt and press Enter:
          batch look.bat
        • You will see "1 file(s) copied" many times then return to the c:\windows> prompt.
        • Type Exit and press Enter to restart your computer then logon in normal mode.
        • Please run maxlook.exe again now. Note - you must run it only once!
          • It will produce looklog.txt on the desktop.
          • Please post the results here.
        ~Dr Jay

        Kerjifire

        • Guest
        Re: Google Redirect
        « Reply #73 on: March 22, 2010, 01:35:13 AM »
        um... ok? Maxlook didn't ask me to reset. Instead it popped up like this:

        Run from C:\Documents and Settings\S Chung\Desktop\maxlook.exe on Mon 22/03/2010 at 18:38:21.93

        No infected file found

        atapi.sys has gone missing!
        avgntdd.sys has gone missing!
        avgntflt.sys has gone missing!
        avgntmgr.sys has gone missing!
        avipbb.sys has gone missing!
        ssmdrv.sys has gone missing!

        Dr Jay

        Re: Google Redirect
        « Reply #74 on: March 22, 2010, 08:34:18 AM »
        Ok. Do not reboot your computer until I tell you to. MaxLook did not reboot, because atapi.sys is missing apparently. (If you accidentally shut it down or reboot, your computer may not boot anymore)

        Let's do this and replace it:

        Please download SystemLook from one of the links below and save it to your Desktop.
        Download Mirror #1
        Download Mirror #2
        • Double-click SystemLook.exe to run it.
        • Copy the content of the following codebox into the main textfield:
        Code:
        :filefind
        atapi.sys
        • Click the Look button to start the scan.
        • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
        Note: The log can also be found on your Desktop entitled SystemLook.txt
        ~Dr Jay

        Kerjifire

        • Guest
        Re: Google Redirect
        « Reply #75 on: March 23, 2010, 01:04:40 AM »
        SystemLook v1.0 by jpshortstuff (11.01.10)
        Log created at 18:07 on 23/03/2010 by S Chung (Administrator - Elevation successful)

        ========== filefind ==========

        Searching for "atapi.sys"
        C:\WINDOWS\$NtServicePackUninstall$\atapi.sys   -----c 95360 bytes   [22:21 24/10/2009]   [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
        C:\WINDOWS\ERDNT\cache\atapi.sys   --a--- 96512 bytes   [08:26 04/02/2010]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
        C:\WINDOWS\ServicePackFiles\i386\atapi.sys   ------ 96512 bytes   [22:05 24/10/2009]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
        C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys   --a--c 96512 bytes   [18:40 13/04/2008]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
        C:\WINDOWS\system32\dllcache\atapi.sys   --a--c 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
        C:\WINDOWS\system32\drivers\atapi.sys   --a--- 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

        -=End Of File=-

        Dr Jay

        Re: Google Redirect
        « Reply #76 on: March 23, 2010, 11:10:20 AM »
        Ok. That is clean.

        How is your computer running at this point?
        ~Dr Jay
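
One way to read the SystemLook `:filefind` log from reply #75 programmatically, as an added example that is not part of the original thread: a Python parser that groups the atapi.sys copies by MD5 and checks the live driver against the backup copies. The function names and the choice of which paths count as references are assumptions of this example, and agreement between copies shows consistency only, not that the reference copies themselves are genuine.

```python
import re
from collections import defaultdict, namedtuple

# The filefind section of the SystemLook log posted in reply #75, copied from this page.
SAMPLE_LOG = r'''
Searching for "atapi.sys"
C:\WINDOWS\$NtServicePackUninstall$\atapi.sys   -----c 95360 bytes   [22:21 24/10/2009]   [12:00 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\ERDNT\cache\atapi.sys   --a--- 96512 bytes   [08:26 04/02/2010]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\ServicePackFiles\i386\atapi.sys   ------ 96512 bytes   [22:05 24/10/2009]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\atapi.sys   --a--c 96512 bytes   [18:40 13/04/2008]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys   --a--c 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\drivers\atapi.sys   --a--- 96512 bytes   [12:00 04/08/2004]   [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
-=End Of File=-
'''

Entry = namedtuple("Entry", "path attrs size stamps md5")

# path, six attribute flags, size, two bracketed timestamps, 32-hex MD5.
# The path is matched non-greedily so paths containing spaces still parse.
LINE_RE = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

# Assumption of this example: the driver Windows loads, and the copies treated
# as references (the backup used in the OTLPE fix plus the service pack sources).
LIVE = r"\system32\drivers\atapi.sys"
REFERENCES = (
    r"\ERDNT\cache\atapi.sys",
    r"\ServicePackFiles\i386\atapi.sys",
    r"\system32\dllcache\atapi.sys",
)


def parse_filefind(text):
    """Return one Entry per result line; headers and footers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                                 (m["t1"], m["t2"]), m["md5"].upper()))
    return entries


def group_by_hash(entries):
    """Map each MD5 to the paths that carry it, so outliers stand out."""
    groups = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.path)
    return dict(groups)


def _find(entries, suffix):
    suffix = suffix.lower()
    return [e for e in entries if e.path.lower().endswith(suffix)]


def check_live_driver(entries, live=LIVE, references=REFERENCES):
    """Compare size and MD5 of the live driver with every reference copy found.

    status is one of:
      missing       the live driver is not in the listing at all
      no-reference  nothing to compare against
      mismatch      at least one reference differs (listed in differs_from)
      match         the live driver equals every reference copy
    """
    live_hits = _find(entries, live)
    if not live_hits:
        return {"status": "missing", "differs_from": []}
    refs = [e for suffix in references for e in _find(entries, suffix)]
    if not refs:
        return {"status": "no-reference", "differs_from": []}
    current = live_hits[0]
    differs = [r.path for r in refs
               if (r.size, r.md5) != (current.size, current.md5)]
    return {"status": "mismatch" if differs else "match", "differs_from": differs}


if __name__ == "__main__":
    parsed = parse_filefind(SAMPLE_LOG)
    for md5, paths in group_by_hash(parsed).items():
        print(md5, len(paths), "copy/copies")
        for p in paths:
            print("   ", p)
    print(check_live_driver(parsed))
```

The `$NtServicePackUninstall$` copy lands in its own hash group because it is a different size and carries the 2004 timestamp, which is why it is not used as a reference here.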

        Kerjifire

        • Guest
        Re: Google Redirect
        « Reply #77 on: March 23, 2010, 10:58:04 PM »
        atm fine. Just my Reg Mechanic, Superantispyware & Malwarebytes can't update.

        Dr Jay

        Re: Google Redirect
        « Reply #78 on: March 23, 2010, 11:08:21 PM »
        Please download A-Squared HiJackFree from here and save it to your Desktop. Double-click to install. When you launch the program, please wait 1 minute to allow it to load all the Processes, Services, etc.
        Then, click the following:
        Save the log to the Desktop, or some other memorable place. Then, the log shall launch in Notepad. Please post the results of that log in your next reply.
        ~Dr Jay

        Kerjifire

        • Guest
        Re: Google Redirect
        « Reply #79 on: March 23, 2010, 11:26:29 PM »
        I ran combofix again and it found something and my programs update now!  ;D

        ComboFix 10-03-23.03 - S Chung 24/03/2010  16:08:24.2.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1461 [GMT 11:00]
        Running from: c:\documents and settings\S Chung\Desktop\ComboFix.exe
        AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
        AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
        FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\eSellerateEngine.dll

        .
        (((((((((((((((((((((((((   Files Created from 2010-02-24 to 2010-03-24  )))))))))))))))))))))))))))))))
        .

        2010-03-22 10:46 . 2010-03-22 10:46   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{D679B939-2FF1-58DE-40E0-4876F5C482A5}\ARPPRODUCTICON.exe
        2010-03-21 23:56 . 2010-03-21 23:56   --------   d-----w-   C:\_OTL
        2010-03-21 04:55 . 2010-01-07 05:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-03-21 04:55 . 2010-03-21 04:55   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-03-21 04:55 . 2010-01-07 05:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-03-21 03:57 . 2010-03-21 03:57   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Ahead
        2010-03-21 02:28 . 2010-03-22 04:53   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
        2010-03-21 02:28 . 2009-03-29 22:33   96104   ----a-w-   c:\windows\system32\drivers\avipbb.sys
        2010-03-21 02:28 . 2009-02-13 00:29   22360   ----a-w-   c:\windows\system32\drivers\avgntmgr.sys
        2010-03-21 02:28 . 2009-02-13 00:17   45416   ----a-w-   c:\windows\system32\drivers\avgntdd.sys
        2010-03-21 02:28 . 2010-03-21 02:28   --------   d-----w-   c:\program files\Avira
        2010-03-21 02:28 . 2010-03-21 02:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Avira
        2010-03-21 00:03 . 2010-03-21 00:03   --------   d-----w-   c:\documents and settings\S Chung\Application Data\CheckPoint
        2010-03-21 00:03 . 2010-03-21 00:03   --------   d-----w-   c:\program files\CheckPoint
        2010-03-21 00:03 . 2009-11-22 04:42   69000   ----a-w-   c:\windows\system32\zlcomm.dll
        2010-03-21 00:03 . 2009-11-22 04:42   103816   ----a-w-   c:\windows\system32\zlcommdb.dll
        2010-03-21 00:03 . 2009-11-22 04:42   1238408   ----a-w-   c:\windows\system32\zpeng25.dll
        2010-03-20 22:51 . 2009-12-16 03:42   43008   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
        2010-03-20 22:51 . 2009-12-16 03:42   340480   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
        2010-03-20 22:51 . 2009-12-16 03:42   872960   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
        2010-03-20 22:51 . 2009-12-16 03:41   346624   ----a-w-   c:\documents and settings\M Chung\Application Data\Mozilla\Firefox\Profiles\9og0wtej.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
        2010-03-20 22:47 . 2010-03-20 22:47   --------   d-sh--w-   c:\documents and settings\M Chung\IECompatCache
        2010-03-18 05:13 . 2010-03-07 19:31   549888   ----a-r-   C:\OTLPE.exe
        2010-03-12 21:28 . 2008-04-14 00:11   56320   ----a-w-   c:\windows\system32\eventlog.dll
        2010-03-07 04:47 . 2010-03-07 04:47   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\ATI
        2010-03-07 04:36 . 2010-03-07 04:36   --------   d-----w-   C:\ATI
        2010-03-07 04:17 . 2010-03-07 04:17   --------   d-----w-   c:\program files\Phyxion.net
        2010-03-07 03:09 . 2010-03-07 03:09   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
        2010-03-06 04:41 . 2010-03-06 04:50   --------   d-----w-   c:\windows\maxdriver
        2010-03-04 07:39 . 2010-03-06 01:28   --------   d-----w-   c:\documents and settings\S Chung\Application Data\mIRC
        2010-03-02 10:46 . 2010-03-02 10:46   52224   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-03-02 09:08 . 2010-03-02 09:09   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Norton
        2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\windows\system32\drivers\NSS
        2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\program files\Norton Security Scan
        2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\program files\NortonInstaller
        2010-03-02 09:08 . 2010-03-02 09:08   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller
        2010-03-01 11:14 . 2010-02-19 08:31   31936   ----a-w-   c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
        2010-03-01 11:14 . 2010-02-19 08:31   29344   ----a-w-   c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
        2010-02-27 04:40 . 2010-02-27 04:40   --------   d-----w-   c:\documents and settings\CS Chung\Application Data\Logitech
        2010-02-26 23:36 . 2010-03-06 00:16   --------   d-----w-   c:\program files\WhoCrashed
        2010-02-23 11:21 . 2010-02-23 11:21   --------   d-----w-   c:\program files\Combined Community Codec Pack
        2010-02-23 11:16 . 2009-06-07 05:24   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
        2010-02-23 11:16 . 2009-06-07 05:16   819200   ----a-w-   c:\windows\system32\xvidcore.dll
        2010-02-23 11:16 . 2010-03-02 09:05   --------   d-----w-   c:\program files\Xvid
        2010-02-23 05:53 . 2010-02-23 05:58   --------   d-----w-   c:\program files\MegaLeecher
        2010-02-22 07:22 . 2010-03-21 03:34   --------   d-----w-   c:\documents and settings\S Chung\Application Data\uTorrent

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-03-24 05:00 . 2007-11-11 03:37   1591648   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
        2010-03-24 04:57 . 2007-06-21 11:13   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
        2010-03-21 04:55 . 2009-11-19 10:05   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Malwarebytes
        2010-03-21 04:55 . 2009-10-25 01:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
        2010-03-21 04:40 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Common Files\PC Tools
        2010-03-21 00:08 . 2010-01-26 01:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-03-21 00:07 . 2009-06-07 06:33   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2010-03-21 00:03 . 2007-06-14 11:42   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
        2010-03-07 04:47 . 2009-11-19 10:05   --------   d-----w-   c:\documents and settings\S Chung\Application Data\ATI
        2010-03-07 04:41 . 2010-03-07 04:37   --------   d-----w-   c:\program files\ATI Technologies
        2010-03-07 04:37 . 2010-03-07 04:37   --------   d-----w-   c:\program files\ATI
        2010-03-06 01:15 . 2009-11-09 09:16   --------   d-----w-   c:\program files\mIRC
        2010-03-06 00:17 . 2008-04-25 05:16   --------   d-----w-   c:\program files\Lavasoft
        2010-03-06 00:17 . 2007-11-05 03:08   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
        2010-03-03 06:40 . 2005-04-10 12:26   --------   d-----w-   c:\program files\Common Files\Symantec Shared
        2010-03-02 10:46 . 2010-01-26 01:28   65024   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
        2010-03-02 10:46 . 2010-01-26 01:28   5120   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
        2010-03-02 09:08 . 2007-06-14 11:01   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
        2010-03-02 09:05 . 2007-10-30 07:51   --------   d-----w-   c:\program files\Windows Media Connect 2
        2010-03-01 11:22 . 2008-11-02 09:43   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\NOS
        2010-02-27 06:25 . 2007-11-20 10:21   --------   d-----w-   c:\program files\GameSpy Arcade
        2010-02-27 05:20 . 2009-11-27 05:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Skype
        2010-02-27 04:40 . 2007-06-14 11:46   149440   ----a-w-   c:\documents and settings\CS Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-02-26 10:53 . 2009-07-02 01:31   --------   d-----w-   c:\program files\DivX
        2010-02-26 10:53 . 2009-05-22 11:46   --------   d-----w-   c:\program files\AskBarDis
        2010-02-25 09:57 . 2009-07-31 12:26   --------   d-----w-   c:\program files\CamStudio
        2010-02-23 11:20 . 2009-07-02 01:31   --------   d-----w-   c:\program files\Common Files\DivX Shared
        2010-02-23 07:43 . 2008-08-03 09:07   401408   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
        2010-02-23 07:43 . 2008-08-03 09:07   765952   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
        2010-02-22 07:22 . 2010-02-11 06:29   --------   d-----w-   c:\program files\uTorrent
        2010-02-21 11:12 . 2008-09-02 07:30   --------   d-----r-   c:\program files\Skype
        2010-02-21 11:11 . 2008-09-02 07:30   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Skype
        2010-02-17 09:29 . 2010-01-26 01:28   117760   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-02-16 09:48 . 2010-02-16 09:48   180224   ----a-w-   c:\windows\system32\WinVd32.sys
        2010-02-16 09:48 . 2010-02-16 09:48   7680   ----a-w-   c:\windows\system32\WinFLsrv.exe
        2010-02-16 06:54 . 2010-02-16 06:37   --------   d-----w-   c:\program files\Audio Mid Recorder
        2010-02-16 06:35 . 2007-08-25 04:54   --------   d-----w-   c:\program files\Common Files\AVSMedia
        2010-02-16 06:35 . 2009-12-07 02:03   --------   d-----w-   c:\program files\AVS4YOU
        2010-02-16 06:25 . 2009-11-26 08:15   --------   d-----w-   c:\program files\Mp3tag
        2010-02-14 00:27 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Spyware Doctor
        2010-02-13 08:37 . 2010-02-12 11:04   --------   d-----w-   c:\documents and settings\S Chung\Application Data\vlc
        2010-02-13 05:29 . 2010-02-13 05:29   --------   d-----w-   c:\documents and settings\S Chung\Application Data\dvdcss
        2010-02-10 11:12 . 2010-02-10 11:12   --------   d-----w-   c:\documents and settings\S Chung\Application Data\AVS4YOU
        2010-02-07 16:41 . 2010-02-07 16:41   86016   ----a-w-   c:\windows\system32\frapsvid.dll
        2010-02-04 20:09 . 2010-02-04 20:09   503808   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
        2010-02-04 20:09 . 2010-02-04 20:09   348160   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
        2010-02-04 20:09 . 2010-02-04 20:09   499712   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
        2010-02-04 20:09 . 2010-02-04 20:09   61440   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
        2010-02-04 20:09 . 2010-02-04 20:09   12800   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
        2010-02-04 20:04 . 2007-06-17 06:59   149440   ----a-w-   c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-02-04 20:04 . 2010-02-04 20:04   --------   d-----w-   c:\documents and settings\M Chung\Application Data\Logitech
        2010-02-03 11:32 . 2008-08-23 11:04   --------   d-----w-   c:\program files\Sun
        2010-02-03 11:30 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Java
        2010-02-03 04:52 . 2007-09-14 14:04   4605952   ----a-w-   c:\windows\system32\drivers\ati2mtag.sys
        2010-02-03 04:12 . 2010-03-07 04:37   45056   ----a-w-   c:\windows\system32\aticalrt.dll
        2010-02-03 04:12 . 2010-03-07 04:37   45056   ----a-w-   c:\windows\system32\aticalcl.dll
        2010-02-03 04:10 . 2010-03-07 04:37   3633152   ----a-w-   c:\windows\system32\aticaldd.dll
        2010-02-03 04:07 . 2010-03-07 04:37   311296   ----a-w-   c:\windows\system32\atiiiexx.dll
        2010-02-03 04:02 . 2010-03-07 04:37   14188544   ----a-w-   c:\windows\system32\atioglxx.dll
        2010-02-03 03:50 . 2004-05-07 03:16   3566048   ----a-w-   c:\windows\system32\ati3duag.dll
        2010-02-03 03:40 . 2010-03-07 04:37   446464   ----a-w-   c:\windows\system32\ATIDEMGX.dll
        2010-02-03 03:39 . 2010-03-07 04:37   301568   ----a-w-   c:\windows\system32\ati2dvag.dll
        2010-02-03 03:35 . 2004-05-07 03:16   2176640   ----a-w-   c:\windows\system32\ativvaxx.dll
        2010-02-03 03:34 . 2010-03-07 04:37   887724   ----a-w-   c:\windows\system32\ativva6x.dat
        2010-02-03 03:34 . 2010-03-07 04:37   3   ----a-w-   c:\windows\system32\ativva5x.dat
        2010-02-03 03:32 . 2010-03-07 04:37   397312   ----a-w-   c:\windows\system32\atiok3x2.dll
        2010-02-03 03:23 . 2010-03-07 04:37   208896   ----a-w-   c:\windows\system32\atipdlxx.dll
        2010-02-03 03:23 . 2010-03-07 04:37   155648   ----a-w-   c:\windows\system32\Oemdspif.dll
        2010-02-03 03:23 . 2010-03-07 04:37   26112   ----a-w-   c:\windows\system32\Ati2mdxx.exe
        2010-02-03 03:23 . 2010-03-07 04:37   43520   ----a-w-   c:\windows\system32\ati2edxx.dll
        2010-02-03 03:22 . 2010-03-07 04:37   159744   ----a-w-   c:\windows\system32\ati2evxx.dll
        2010-02-03 03:21 . 2010-03-07 04:37   602112   ----a-w-   c:\windows\system32\ati2evxx.exe
        2010-02-03 03:19 . 2010-03-07 04:37   53248   ----a-w-   c:\windows\system32\ATIDDC.DLL
        2010-02-03 03:19 . 2010-03-07 04:37   143360   ----a-w-   c:\windows\system32\atiapfxx.exe
        2010-02-03 03:18 . 2010-03-07 04:37   65024   ----a-w-   c:\windows\system32\atimpc32.dll
        2010-02-03 03:18 . 2010-03-07 04:37   65024   ----a-w-   c:\windows\system32\amdpcom32.dll
        2010-02-03 03:17 . 2010-03-07 04:37   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
        2010-02-03 03:15 . 2010-03-07 04:37   565248   ----a-w-   c:\windows\system32\atikvmag.dll
        2010-02-03 03:12 . 2010-03-07 04:37   180224   ----a-w-   c:\windows\system32\atiadlxx.dll
        2010-02-03 03:12 . 2010-03-07 04:37   17408   ----a-w-   c:\windows\system32\atitvo32.dll
        2010-02-03 03:06 . 2004-05-07 03:15   638976   ----a-w-   c:\windows\system32\ati2cqag.dll
        2010-02-02 08:37 . 2005-04-06 13:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
        2010-02-02 08:37 . 2009-10-27 10:01   --------   d-----w-   c:\program files\Macromedia
        2010-02-02 08:37 . 2009-10-27 10:03   --------   d-----w-   c:\program files\Common Files\Macromedia
        2010-02-02 08:20 . 2010-02-02 08:19   --------   d-----w-   c:\program files\Hypersnap
        2010-01-29 07:54 . 2010-01-18 04:54   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Auslogics
        2010-01-29 07:48 . 2010-01-18 04:54   --------   d-----w-   c:\program files\Auslogics
        2010-01-28 10:32 . 2010-01-28 10:32   --------   d-----w-   c:\program files\New Folder
        2010-01-28 10:02 . 2009-07-23 10:26   --------   d-----w-   c:\program files\Paint.NET
        2010-01-28 09:58 . 2009-06-21 02:44   149440   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
        2010-01-28 07:11 . 2010-01-28 07:03   --------   d-----w-   c:\program files\Common Files\ATI Technologies
        2010-01-28 07:03 . 2010-01-28 07:03   9158   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
        2010-01-27 05:12 . 2008-07-03 07:37   215104   ----a-w-   c:\windows\system32\PnkBstrB.exe
        2010-01-27 04:38 . 2008-07-03 07:38   138576   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
        2010-01-27 01:44 . 2009-10-25 05:09   664   ----a-w-   c:\windows\system32\d3d9caps.dat
        2010-01-26 21:21 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Logitech
        2010-01-26 21:17 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Common Files\Logitech
        2010-01-26 11:20 . 2010-01-26 11:20   --------   d-----w-   c:\program files\Realtek AC97
        2010-01-26 09:29 . 2010-01-26 09:29   --------   d-----w-   c:\program files\Driver-Soft
        2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Simply Super Software
        2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
        2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
        2000-01-01 00:00 . 2000-01-01 00:00   23   --sh--r-   c:\windows\mtlid64s2.dat
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
        2008-10-16 08:22   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

        [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
        [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
        "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

        [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
        [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
        "DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
        "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
        "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
        "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
        "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
        "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
        "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "RunNarrator"="Narrator.exe" [2008-04-14 53760]
        "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 03:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
        2009-07-20 01:28   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
        BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0sprestrt\0sprestrt

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
        @=""

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
        @=""

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
        @=""

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "d:\\Battle For Middle Earth I\\game.dat"=
        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
        "d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
        "c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
        "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "h:\\Nexon\\Combat Arms\\NMService.exe"=
        "h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
        "h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
        "h:\\Combat Arms\\NMService.exe"=
        "h:\\Prince of Persia\\Prince of Persia.exe"=
        "h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
        "h:\\BFME2\\game.dat"=
        "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
        "c:\\Program Files\\uTorrent\\uTorrent.exe"=
        "c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloads\\utorrent(2).exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "58508:TCP"= 58508:TCP:Pando Media Booster
        "58508:UDP"= 58508:UDP:Pando Media Booster

        R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 10:25 AM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 10:15 AM 66632]
        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [21/03/2010 1:28 PM 108289]
        R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
        R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [15/10/2009 12:30 AM 25208]
        R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [15/10/2009 12:30 AM 476528]
        R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
        R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
        S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
        S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
        S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
        S1 SuperMounter;SuperMounter;

        S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
        S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
        S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
        S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
        S3 gagp440p;gAGP440p;

        S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
        S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 10:15 AM 12872]
        S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
        S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        getPlusHelper   REG_MULTI_SZ      getPlusHelper
        .
        Contents of the 'Scheduled Tasks' folder

        2010-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

        2010-03-24 c:\windows\Tasks\Google Software Updater.job
        - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]

        2010-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6d4c3b7d16a.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

        2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

        2010-03-21 c:\windows\Tasks\Install_NSS.job
        - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-03-01 11:20]

        2010-03-21 c:\windows\Tasks\Norton Security Scan for S Chung.job
        - c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-03-02 09:08]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://google.com/
        uInternet Settings,ProxyServer = 127.0.0.1:8080
        uInternet Settings,ProxyOverride = local
        IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
        IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
        IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
        IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
        Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
        FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
        FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
        FF - plugin: c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
        FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
        FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
        FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
        FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
        c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
        c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
        .
        - - - - ORPHANS REMOVED - - - -

        ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
        AddRemove-VLC media player - k:\my computer\My Videos\VLC Media Player\VLC\uninstall.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-03-24 16:23
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 


        c:\windows\system32\sys_drv.dat 9036 bytes
        c:\windows\system32\sys_drv_2.dat 6024 bytes
        c:\windows\system32\WinFLdrv.sys 17984 bytes executable
        c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes

        scan completed successfully
        hidden files: 4

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
        "ImagePath"="System32\Drivers\atapi.svs"

        [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
        "ImagePath"="\??\c:\windows\system32\A.tmp"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(796)
        c:\program files\SUPERAntiSpyware\SASWINLO.dll
        c:\windows\system32\WININET.dll
        c:\windows\system32\Ati2evxx.dll
        c:\windows\system32\atiadlxx.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
        c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
        c:\program files\common files\logishrd\bluetooth\LBTServ.dll
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

        - - - - - - - > 'lsass.exe'(876)
        c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
        .
        Completion time: 2010-03-24  16:27:42
        ComboFix-quarantined-files.txt  2010-03-24 05:27
        ComboFix2.txt  2010-02-25 07:51

        Pre-Run: 13,737,954,816 bytes free
        Post-Run: 13,862,326,272 bytes free

        - - End Of File - - 103B9726A1F4ECD5CDE9533D4614239E



        Dr Jay

        Re: Google Redirect
        « Reply #80 on: March 23, 2010, 11:29:34 PM »
        That isn't much. Let's check out the HOSTS file. I think it is blocking the sites you cannot go to. (SuperAntiSpyware MBAM etc)

        Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
        Please close all other applications running on your system.

        Please double click GetSystemInfo.exe to open it.

        Click the Settings button.



        Set it to Maximum



          IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


        Click Create Report to run it.

        It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

        Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
        ~Dr Jay
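The HOSTS-file hypothesis in the reply above can be checked directly. The following Python sketch is an added example, not part of the original post or of any tool named in this thread; the watchlist domains and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist: vendor domains for tools named in this thread.
WATCHLIST = ("malwarebytes.org", "superantispyware.com", "lavasoft.com",
             "avast.com", "kaspersky.com")

# Constructed sample, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1\twww.malwarebytes.org  malwarebytes.org   # constructed entry
0.0.0.0         Download.SuperAntiSpyware.com.
192.0.2.15      update.avast.com
10.0.0.5        fileserver   # ordinary LAN mapping
not-an-ip       www.kaspersky.com
127.0.0.1       notmalwarebytes.org
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every usable mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address, so no mapping here
        for name in fields[1:]:                 # one line may map several names
            yield line_no, addr, name.lower().rstrip(".")

def on_watchlist(host, watchlist=WATCHLIST):
    """Match the domain itself or any subdomain, never a mere suffix."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def classify(addr):
    """Loopback and 0.0.0.0 sink the traffic; anything else redirects it."""
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, host, address, kind) for each watchlisted mapping."""
    findings = []
    for line_no, addr, host in parse_hosts(text):
        if on_watchlist(host, watchlist):
            findings.append((line_no, host, str(addr), classify(addr)))
    return findings

if __name__ == "__main__":
    for line_no, host, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr} ({kind})")
```

On Windows XP the file to feed to `audit_hosts` is `%SystemRoot%\system32\drivers\etc\hosts`; a clean default file produces no findings.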

        Kerjifire

        Re: Google Redirect
        « Reply #81 on: March 23, 2010, 11:40:32 PM »
        http://www.getsysteminfo.com/read.php?file=209b3cdc36893b21932b2fb7be8c726f

        btw for future GetSystemInfo's for other ppl, it auto uploads to Kaspersky GSI Parser

        Dr Jay

        Re: Google Redirect
        « Reply #82 on: March 24, 2010, 12:22:37 PM »
        Please download OTM
         
        • Save it to your desktop.
        • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
        • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

        Code:
        :files
        C:\WINDOWS\system32\caacedfedaadeca.dll
        C:\WINDOWS\system32\DNT1.dll
        C:\WINDOWS\system32\DNT2.dll
        C:\WINDOWS\system32\DNT3.dll
        C:\WINDOWS\system32\DNT4.dll
        C:\WINDOWS\system32\OOD2KBS.exe
        C:\WINDOWS\system32\ood2kmsg.dll
        C:\WINDOWS\system32\OODCSPRO.dll

        :commands
        [purity]
        [emptytemp]
        [reboot]
        • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
        • Click the red Moveit! button.
        • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
        • Close OTM and reboot your PC.
        Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
        ~Dr Jay

        Kerjifire

        Re: Google Redirect
        « Reply #83 on: March 25, 2010, 02:17:16 AM »
        All processes killed
        ========== FILES ==========
        LoadLibrary failed for C:\WINDOWS\system32\caacedfedaadeca.dll
        C:\WINDOWS\system32\caacedfedaadeca.dll moved successfully.
        C:\WINDOWS\system32\DNT1.dll moved successfully.
        C:\WINDOWS\system32\DNT2.dll moved successfully.
        C:\WINDOWS\system32\DNT3.dll moved successfully.
        C:\WINDOWS\system32\DNT4.dll moved successfully.
        C:\WINDOWS\system32\OOD2KBS.exe moved successfully.
        DllUnregisterServer procedure not found in C:\WINDOWS\system32\ood2kmsg.dll
        C:\WINDOWS\system32\ood2kmsg.dll moved successfully.
        C:\WINDOWS\system32\OODCSPRO.dll moved successfully.
        ========== COMMANDS ==========
         
        [EMPTYTEMP]
         
        User: Administrator
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 67 bytes
         
        User: All Users
         
        User: All Users.WINDOWS
         
        User: CS Chung
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 297067 bytes
        ->Java cache emptied: 19431866 bytes
        ->FireFox cache emptied: 41971127 bytes
        ->Flash cache emptied: 4577 bytes
         
        User: Default User
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 67 bytes
         
        User: Default User.WINDOWS
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 67 bytes
        ->Flash cache emptied: 41 bytes
         
        User: Guest
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 0 bytes
        ->FireFox cache emptied: 67015797 bytes
        ->Flash cache emptied: 1487 bytes
         
        User: LocalService
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 32902 bytes
         
        User: LocalService.NT AUTHORITY
        ->Temp folder emptied: 1984776 bytes
        ->Temporary Internet Files folder emptied: 32902 bytes
        ->FireFox cache emptied: 4360068 bytes
         
        User: M Chung
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 297723 bytes
        ->Java cache emptied: 67034502 bytes
        ->FireFox cache emptied: 48346844 bytes
        ->Flash cache emptied: 40412 bytes
         
        User: MSOCache
         
        User: NetworkService
        ->Temp folder emptied: 0 bytes
        ->Temporary Internet Files folder emptied: 33170 bytes
         
        User: NetworkService.NT AUTHORITY
        ->Temp folder emptied: 1985080 bytes
        ->Temporary Internet Files folder emptied: 33170 bytes
        ->Flash cache emptied: 405 bytes
         
        User: S Chung
        ->Temp folder emptied: 1430880 bytes
        ->Temporary Internet Files folder emptied: 10899199 bytes
        ->Java cache emptied: 0 bytes
        ->FireFox cache emptied: 58731322 bytes
        ->Google Chrome cache emptied: 856432 bytes
        ->Flash cache emptied: 9101 bytes
         
        %systemdrive% .tmp files removed: 0 bytes
        %systemroot% .tmp files removed: 21466278 bytes
        %systemroot%\System32 .tmp files removed: 5786641 bytes
        %systemroot%\System32\dllcache .tmp files removed: 0 bytes
        %systemroot%\System32\drivers .tmp files removed: 0 bytes
        Windows Temp folder emptied: 1040547 bytes
        %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
        %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33661 bytes
        RecycleBin emptied: 0 bytes
         
        Total Files Cleaned = 337.00 mb
         
         
        OTM by OldTimer - Version 3.1.10.1 log created on 03252010_191021

        Files moved on Reboot...
        C:\Documents and Settings\S Chung\Local Settings\Temp\~DF4ED.tmp moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_001_ moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_002_ moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_003_ moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\Cache\_CACHE_MAP_ moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\urlclassifier3.sqlite moved successfully.
        C:\Documents and Settings\S Chung\Local Settings\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\XUL.mfl moved successfully.
        File C:\WINDOWS\temp\ZLT0042f.TMP not found!

        Registry entries deleted on Reboot...

        Dr Jay

        Re: Google Redirect
        « Reply #84 on: March 25, 2010, 11:11:10 AM »
        Please run a free online scan with the ESET Online Scanner
        • Tick the box next to YES, I accept the Terms of Use
        • Click Start
        • When asked, allow the ActiveX control to install
        • Click Start
        • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
        • Click Scan (This scan can take several hours, so please be patient)
        • Once the scan is completed, you may close the window
        • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        • Copy and paste that log as a reply to this topic
        ~Dr Jay

        Kerjifire

        Re: Google Redirect
        « Reply #85 on: March 27, 2010, 12:56:54 AM »
        it's taking a really long time =.=     aka. 5% after 30 mins

        Dr Jay

        Re: Google Redirect
        « Reply #86 on: March 27, 2010, 06:30:26 AM »
        Post the log when done.
        ~Dr Jay

        Kerjifire

        Re: Google Redirect
        « Reply #87 on: March 27, 2010, 09:52:40 PM »
        ok... it screws up. It ends up saying something like: No File. Windows has failed writing. i tried it 2 times

        Dr Jay

        Re: Google Redirect
        « Reply #88 on: March 28, 2010, 02:33:50 PM »
        Try a different one.

        Please do a scan with Kaspersky Online Scanner

        Click on the Accept button and install any components it needs.
        • The program will install and then begin downloading the latest definition files.
        • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
        • This will start the program and scan your system.
        • The scan will take a while, so be patient and let it run.
        • Once the scan is complete, click on View scan report
        • Now, click on the Save Report as button.
        • Save the file to your desktop.
        • Copy and paste that information in your next post.
        ~Dr Jay

        Kerjifire

        Re: Google Redirect
        « Reply #89 on: March 29, 2010, 11:41:20 PM »
           KASPERSKY ONLINE SCANNER 7.0: scan report
        Tuesday, March 30, 2010
        Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
        Kaspersky Online Scanner version: 7.0.26.13
        Last database update: Monday, March 29, 2010 21:36:02
        Records in database: 3898164
        Scan settings
        scan using the following database    extended
        Scan archives    yes
        Scan e-mail databases    yes
        Scan area    My Computer
        A:\
        C:\
        D:\
        E:\
        F:\
        G:\
        H:\
        I:\
        J:\
        Scan statistics
        Objects scanned    242308
        Threats found    1
        Infected objects found    2
        Suspicious objects found    0
        Scan duration    06:09:41

        File name    Threat    Threats count
        C:\Program Files\mIRC\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.g   1   
        C:\Program Files\mIRC\mirc.exe.bak   Infected: not-a-virus:Client-IRC.Win32.mIRC.g   1   
        Selected area has been scanned.


        Took so long =.=

        Dr Jay

        Re: Google Redirect
        « Reply #90 on: March 29, 2010, 11:42:33 PM »
        Clean.  ;D
        ~Dr Jay

        Kerjifire

        Re: Google Redirect
        « Reply #91 on: March 29, 2010, 11:48:19 PM »
        ty  ;)

        for ur help. My windows login startup is faster   :P

        Dr Jay

        Re: Google Redirect
        « Reply #92 on: March 30, 2010, 12:57:54 PM »
        You're welcome.
        ~Dr Jay