Can't Boot XP Pro SP3, but Have Recovery Console



rich97702
2010-03-16, 06:49
Hello,
I have a screen shot (via camera) of the BSOD I get when trying to boot. This happens with all boot choices (F8). I can however open the XP Recovery Console, to the command prompt: C:\WINDOWS
I assume that's a good thing :eek: but my knowledge of this console is nil. I DID run CHKDSK /p twice; 1st time it "fixed one or more" problems, 2nd time showed only allocation units etc.
I also swapped locations of the memory cards (2X500MG), and tried each by itself, with no change.
The original BSOD (after clicking on what I expected to be a fix-it video for my Toyota Tacoma) was slightly different than the one I get now (WHICH INCLUDES: "IRQL NOT LESS OR EQUAL") in that it mentioned-
SPCMDCON.SYS followed by PAGE FAULT IN NONPAGED AREA

Really hoping you can help.
Regardless, thanks so much for being here.
Rich Feldman

THE VICTIM:
Windows XP Pro SP3
Compaq V2401CL laptop
1 gig of RAM
76 gig hard drive (about 12 gig free)

and as of yesterday, from which I write:

Windows 7 Home Premium (now up to date)
HP G60-635DX Notebook

ken545
2010-03-18, 14:18
Hello Rich,

Post here; like safer, it's free but you will need to register. This is their Windows forum and they can help with getting you up and running; we just do malware removal in this one.
http://forums.whatthetech.com/Microsoft_Windows_f119.html

Then post back to this thread with this scan so we can see if everything is alright.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

rich97702
2010-03-18, 17:12
Thanks much Ken- will post back.
Rich

rich97702
2010-03-21, 02:29
Ken,
I'm less than satisfied with what I've gotten from WHATTHETECH. I paste below the thread in hopes that you have another idea.
I have access to all files via OTLPE http://www.reatogo.de/REATOGO.htm so I'm painstakingly moving everything I can to a large USB drive. All looks to be present and accounted for.

Two years ago you helped me install the recovery console- it seems like a probable route, given its name.
Thanks for any direction here,
Rich
-------------------------------------------------------------------

rich97702
2010-03-21, 02:30
Running chkdsk with the p switch was a good move, but it may be necessary to probe a little deeper.
Try running chkdsk again but this time with the r switch
chkdsk /r
allow plenty of time for this to happen....
it may be necessary to run this again if the first run finds and fixes errors.
Next, have you installed or uninstalled any hardware or software or made any system alterations recently...?
let us know how you go
Regards
paws
-----------------------------------------------------------------------
No changes, but last night I did make a REATOGO disc and ran a scan using these instructions (from another post- I know) :
__________________

You will find an icon on the desktop called OTLPE > Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings:
* Change Drivers to SafeList
Press Run Scan to start the scan.
____________________

It was sure nice to see that all my files, 9 years worth, are intact! First good sign in 6 days. Scan results are available.
Will run chkdsk 2x if necessary and will post back shortly.
Rich
------------------------------------------------------------------------
chkdsk ran fine but fixed nothing.
I include below the aforementioned OTL logfile, in case it helps. If not- ignore.

OTL logfile created on: 3/18/2010 9:20:07 AM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 15.17 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Symantec Core LC)
SRV - File not found [Disabled] -- -- (NMIndexingService)
SRV - File not found [Disabled] -- -- (Nero BackItUp Scheduler 3)
SRV - File not found [Disabled] -- -- (MaxBackServiceInt)
SRV - File not found [Disabled] -- -- (LiveUpdate)
SRV - File not found [Disabled] -- -- (Iomega Activity Disk2)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Disabled] -- -- (CarboniteService)
SRV - File not found [Disabled] -- -- (Bonjour Service)
SRV - File not found [Disabled] -- -- (Automatic LiveUpdate Scheduler)
SRV - File not found [Disabled] -- -- (Adobe Version Cue CS3)
SRV - [2010/01/14 19:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/12/10 23:18:26 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/10/20 01:37:53 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/26 12:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 12:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008/07/07 19:26:02 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [Disabled] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/06/01 12:10:50 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2008/05/29 12:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/04/13 20:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Disabled] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/01/06 15:07:26 | 000,077,824 | ---- | M] (HP) [Disabled] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2004/08/04 04:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- -- (tzraqlo)
DRV - File not found [Unknown (0) | On_Demand] -- -- (TfKbMon)
DRV - File not found [Kernel | On_Demand] -- -- (portio)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DPV)
DRV - File not found [Kernel | System] -- -- (eabfiltr)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (Beep)
DRV - File not found [Kernel | On_Demand] -- -- (Ad-Watch Connect Filter)
DRV - [2010/01/14 19:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 19:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 19:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/12/03 20:13:56 | 000,019,160 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMDrvService)
DRV - [2009/09/08 21:10:53 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/10/30 17:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/10/23 05:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/21 00:52:41 | 003,299,840 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/07/28 21:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/26 12:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/01 12:10:50 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/05/02 02:12:04 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/12/06 21:41:42 | 000,220,032 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/03 16:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2006/09/28 00:44:46 | 000,079,393 | ---- | M] (Roland Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rdwm1027.sys -- (RDID1027)
DRV - [2006/08/18 12:07:28 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/06 17:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/06 15:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2006/01/06 15:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 15:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 15:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2005/09/01 17:11:52 | 000,016,768 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/09/01 15:27:45 | 000,014,080 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/09/01 15:24:44 | 001,081,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam for Notebooks Pro(UVC)
DRV - [2005/09/01 15:20:51 | 000,022,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/07/01 13:15:06 | 000,025,344 | R--- | M] (Iomega) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\IABFilt.sys -- (IABFilt)
DRV - [2005/04/20 20:46:42 | 000,350,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/04/20 20:45:48 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/01/18 12:52:16 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/12/15 11:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 11:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 11:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/10/15 16:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/03/25 04:04:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/25 04:04:00 | 000,098,650 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/25 04:04:00 | 000,085,978 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/25 04:04:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/25 04:04:00 | 000,025,691 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/25 04:04:00 | 000,014,235 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/25 04:04:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/25 04:04:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/25 04:04:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 05:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/25 00:23:32 | 000,125,184 | ---- | M] (Plextor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Xstream.sys -- (WISTechVIDCAP)
DRV - [2004/02/13 06:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/21 23:55:12 | 000,013,184 | ---- | M] (Plextor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\XLoader.sys -- (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys)
DRV - [2004/01/14 22:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 22:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/12/19 05:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\WINDOWS\system32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2001/04/16 13:16:58 | 000,951,284 | ---- | M] (Roland) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)
DRV - [2001/04/13 22:16:38 | 000,187,992 | ---- | M] (Roland) [Kernel | Auto] -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys -- (RVIEG01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage

IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Richard_Feldman_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 03:24:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/06 11:33:24 | 000,000,000 | ---D | M]

[2009/12/24 22:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/03/30 12:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6vpx9pk.default\extensions
[2010/03/13 17:09:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/23 00:13:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/07/01 02:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Richard_Feldman_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Richard_Feldman_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Richard_Feldman_ON_C\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Richard_Feldman_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Richard_Feldman_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Richard_Feldman_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 3
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\Richard_Feldman_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} https://favorites.live.com/cab/ImportAx.cab?v=13,0,1609,00 (FavImport Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync...ncCom1_2009.cab (QBMASSyncCom1_2009.UserControl1)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1187565712125 (MUWebControl Class)
O16 - DPF: {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync...ncCom2_2008.cab (QBMASSyncCom2_2008.UserControl1)
O16 - DPF: {7DD82D6B-3553-470B-8D1E-D5C7086478A7} https://merchantaccount.quickbooks.com/sync...ncCom2_2005.cab (QBMASSyncCom2_2005.UserControl1)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab (HPObjectInstaller Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {F21AC8A4-4322-11D6-8EBE-0001023D1A2A} https://merchantaccount.quickbooks.com/recu...RecurPayCom.cab (IntuitRecurPayCom.UserControl1)
O16 - DPF: {F8A9F96F-8375-4596-BD89-EEAE2781D810} https://merchantaccount.quickbooks.com/sync...MASSyncCom1.cab (QBMASSyncCom1.UserControl1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.3 216.228.160.4
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/RICHAR~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.png
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\My Documents\Clipboard02.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\geBsrOHx) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{48708b76-688a-11dd-a9b0-0014a56f3b32}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/13 17:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp
[2010/03/06 20:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\My Documents\Joe's Rental
[2010/03/03 19:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\webserver
[2010/03/03 19:06:44 | 000,206,848 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\rdr_1267657585.exe.exe
[2010/02/26 19:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\My Documents\Bend Jazz Trio pdfs
[2010/02/23 00:13:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/02/22 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\Temp
[2010/02/19 03:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\My Documents\Flute Wedgehead
[2010/02/18 13:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\Application Data\MusE
[2010/02/18 13:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\MusE
[2010/02/18 13:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\MuseScore 0.9
[2010/02/18 03:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\My Documents\JBL
[2010/02/18 01:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Feldman\Desktop\Deco Tunes
[2008/01/28 10:37:36 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Richard Feldman\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/13 18:16:57 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/13 18:16:51 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/13 18:16:17 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\video-plugin.40030.exe
[2010/03/13 16:38:14 | 000,045,080 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Application Data\wklnhst.dat
[2010/03/11 12:45:51 | 000,000,125 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\Google - Compare mortgages.URL
[2010/03/11 03:55:51 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\Office Outlook 2007.lnk
[2010/03/11 03:48:37 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/03/11 03:48:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/11 03:47:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/11 03:47:54 | 000,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/11 03:46:30 | 020,185,088 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\ntuser.dat
[2010/03/11 03:46:30 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/03/11 03:46:30 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/11 03:46:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Richard Feldman\ntuser.ini
[2010/03/11 03:44:57 | 017,800,048 | -H-- | M] () -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\IconCache.db
[2010/03/10 22:08:57 | 000,000,066 | ---- | M] () -- C:\WINDOWS\BBW_INFO.INI
[2010/03/10 15:39:00 | 000,004,362 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\So Help Me Jesus word perfect.wpd
[2010/03/10 15:39:00 | 000,003,349 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\So Help Me Jesus msword.doc
[2010/03/05 21:38:44 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 19:29:51 | 001,786,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/03 19:06:30 | 000,206,848 | ---- | M] (Realtek Semiconductor Corporation) -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\rdr_1267657585.exe.exe
[2010/02/28 17:45:29 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Application Data\default.rss
[2010/02/28 17:45:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/26 21:50:56 | 000,154,016 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/26 20:18:50 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/25 20:32:15 | 000,026,420 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Eb TENOR.pdf
[2010/02/25 20:29:16 | 000,026,051 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Bb TENOR.pdf
[2010/02/25 20:23:47 | 000,025,664 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Bb.pdf
[2010/02/25 19:58:59 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-438389835-3352072604-3910823140-1005Core1cab6767fbe6be4.job
[2010/02/24 09:12:31 | 260,482,833 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\plating_in_the_small_shop.wmv
[2010/02/24 06:35:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 23:56:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/02/21 14:22:56 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Greg Byers Music.URL
[2010/02/19 21:25:40 | 024,360,054 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Bach-Calicchio-Schilke.bmp
[2010/02/19 21:25:40 | 000,191,821 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\Bach-Calicchio-Schilke.jpg
[2010/02/19 19:51:41 | 000,375,218 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\checklist.pdf
[2010/02/19 15:09:45 | 000,038,477 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Application Data\Comma Separated Values (DOS).ADR
[2010/02/18 21:43:38 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\Mosaic Records - Jazz Video Cafe.URL
[2010/02/18 21:42:19 | 030,710,818 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\video.flv
[2010/02/18 13:51:28 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\Desktop\MuseScore.lnk
[2010/02/18 13:32:02 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Richard Feldman\My Documents\104 sheets found for love dance Wikifonia.URL
[2010/02/18 03:29:59 | 000,629,532 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/18 03:29:59 | 000,519,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/18 03:29:59 | 000,097,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/17 21:41:33 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/02/17 21:41:33 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/02/17 21:41:26 | 000,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 18:16:47 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010/03/13 18:16:37 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/13 18:16:18 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Desktop\video-plugin.40030.exe
[2010/03/11 12:45:51 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Desktop\Google - Compare mortgages.URL
[2010/03/10 15:39:00 | 000,004,362 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\So Help Me Jesus word perfect.wpd
[2010/03/10 15:39:00 | 000,003,349 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\So Help Me Jesus msword.doc
[2010/03/04 23:59:07 | 260,482,833 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\plating_in_the_small_shop.wmv
[2010/02/25 20:32:15 | 000,026,420 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Eb TENOR.pdf
[2010/02/25 20:29:16 | 000,026,051 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Bb TENOR.pdf
[2010/02/25 20:23:47 | 000,025,664 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Love Dance Concert Bb.pdf
[2010/02/25 19:58:59 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-438389835-3352072604-3910823140-1005Core1cab6767fbe6be4.job
[2010/02/21 14:22:56 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Greg Byers Music.URL
[2010/02/19 21:25:40 | 024,360,054 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Bach-Calicchio-Schilke.bmp
[2010/02/19 21:25:40 | 000,191,821 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\Bach-Calicchio-Schilke.jpg
[2010/02/19 19:51:35 | 000,375,218 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Desktop\checklist.pdf
[2010/02/19 15:09:45 | 000,038,477 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\Comma Separated Values (DOS).ADR
[2010/02/18 21:43:38 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Desktop\Mosaic Records - Jazz Video Cafe.URL
[2010/02/18 21:42:04 | 030,710,818 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\video.flv
[2010/02/18 13:51:28 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Desktop\MuseScore.lnk
[2010/02/18 13:32:02 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\My Documents\104 sheets found for love dance Wikifonia.URL
[2010/02/12 21:42:29 | 000,011,966 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\Comma Separated Values (Windows).CAL
[2010/01/28 23:20:16 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\setup_ldm.iss
[2010/01/02 14:16:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\downloads.m3u
[2009/12/25 01:39:38 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\default.rss
[2009/12/25 00:46:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/13 00:14:03 | 000,006,794 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\SAS7_000.DAT
[2009/11/16 19:55:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/16 19:55:37 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/16 19:55:37 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/21 01:58:45 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/17 13:17:47 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/15 11:53:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/05/13 20:57:29 | 001,238,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/03/19 11:43:42 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/02/21 11:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/06 00:45:49 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2009/01/28 21:58:05 | 000,023,938 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\Comma Separated Values (Windows).ADR
[2009/01/20 17:14:46 | 000,010,238 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/10 15:26:16 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/01/01 21:19:05 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/01/01 21:19:05 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/01/01 21:19:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/01/01 21:19:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/01/01 21:19:05 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/01/01 21:19:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/12/02 20:18:15 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/02 20:15:47 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2008/12/02 19:57:34 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/05 14:21:31 | 000,010,886 | ---- | C] () -- C:\WINDOWS\System32\RdCi1027.dll
[2008/11/01 21:52:04 | 000,000,114 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/11/01 12:04:54 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv6628p5now.sys
[2008/09/28 12:42:36 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2008/09/28 12:42:36 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2008/07/26 12:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/21 22:18:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2008/06/04 22:30:49 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/06/01 12:06:57 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\coreavc.ini
[2008/05/30 16:28:00 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\D79608E7A2.sys
[2008/05/30 16:27:58 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/29 02:02:43 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/05/23 23:32:39 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/05/23 23:32:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/04 23:46:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/05/01 20:20:42 | 000,011,138 | ---- | C] () -- C:\WINDOWS\msvrc20.dll
[2008/04/18 18:53:03 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/04/14 12:52:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/04/14 12:52:06 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/04/14 12:51:33 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/04/14 12:51:33 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2008/04/14 12:51:30 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/03/30 20:52:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2008/03/28 20:46:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/28 10:42:38 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\vso_ts_preview.xml
[2008/01/28 10:38:33 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\pcouffin.log
[2008/01/28 10:37:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\pcouffin.cat
[2008/01/28 10:37:36 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\pcouffin.inf
[2008/01/27 23:14:13 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/01/27 22:48:19 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/01/27 22:48:19 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008/01/27 00:44:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007/09/12 21:24:27 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\HPCOM_48BitScanUpdate.log
[2007/09/12 21:24:27 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/09/02 13:29:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/06/28 06:54:10 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 06:52:18 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/21 11:06:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/04/22 02:00:36 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Studio.INI
[2007/03/18 13:24:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/03/15 20:19:56 | 000,004,262 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2007/03/15 20:18:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\PFPICK.DLL
[2007/03/15 20:15:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/03/13 13:29:44 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Local Settings\Application Data\fusioncache.dat
[2007/02/27 20:19:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/01/14 14:21:59 | 000,000,567 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/12 22:22:28 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/12 22:21:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2006/11/15 19:44:30 | 000,000,066 | ---- | C] () -- C:\WINDOWS\BBW_INFO.INI
[2006/05/10 12:23:09 | 000,020,992 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2006/04/16 12:21:44 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/04/16 00:27:46 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2006/03/23 00:33:23 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2006/03/23 00:33:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006/03/23 00:29:12 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2006/03/23 00:29:12 | 000,000,072 | R--- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2006/03/22 23:17:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2006/03/22 19:36:00 | 000,000,196 | ---- | C] () -- C:\WINDOWS\EPSON 1260_1660 Installer.ini
[2006/03/22 16:43:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/03/12 14:46:08 | 000,045,080 | ---- | C] () -- C:\Documents and Settings\Richard Feldman\Application Data\wklnhst.dat
[2005/09/15 10:40:22 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/09/01 17:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/04/29 05:01:09 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/21 14:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2004/08/07 09:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:12:40 | 000,000,831 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/04 04:00:00 | 000,007,532 | ---- | C] () -- C:\WINDOWS\System32\NT47AEX.DLL
[2004/08/04 04:00:00 | 000,007,532 | ---- | C] () -- C:\WINDOWS\System32\BUGXJM42.DLL
[2004/01/13 14:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/19 05:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2002/09/06 14:36:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/05/15 00:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[1999/11/11 05:39:00 | 000,481,792 | ---- | C] () -- C:\WINDOWS\System32\RFFTW2dll.dll
[1999/01/27 17:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/18 03:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 03:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/13 11:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/03/28 22:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2008/03/28 04:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VersionTracker Pro
[2010/02/09 20:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
[2008/06/15 02:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\.myibay
[2008/11/09 22:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\ACD Systems
[2008/07/05 23:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Acoustica
[2008/03/10 00:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\albumart
[2008/12/30 12:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Ashampoo
[2009/04/30 21:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\biu software
[2008/06/01 15:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\BSplayer PRO
[2009/09/08 22:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\DAEMON Tools Lite
[2008/03/03 02:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\dBpoweramp
[2006/03/23 01:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\EPSON
[2010/02/10 02:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\FoxyTunes
[2008/04/30 18:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\gtk-2.0
[2006/11/16 19:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\ieSpell
[2007/08/18 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Image Zone Express
[2009/11/06 22:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\ImgBurn
[2009/03/27 13:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\IObit
[2008/06/12 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\IrfanView
[2006/03/20 12:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Leadertech
[2008/06/01 12:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\LEAPS
[2007/10/22 10:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Movies Extractor Scout
[2006/03/15 19:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\MSNInstaller
[2010/02/18 13:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\MusE
[2008/10/30 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Netscape
[2009/12/12 23:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Nuance
[2008/08/05 17:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Orbit
[2008/03/18 03:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\PCF-VLC
[2008/04/06 12:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\PCToolsFirewallPlus
[2009/01/11 16:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Pegasys Inc
[2008/10/30 13:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Photodex
[2007/08/18 11:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Printer Info Cache
[2008/06/06 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Renegade Minds
[2008/12/03 01:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\ScanSoft
[2010/01/24 23:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\SendSpace Wizard
[2006/06/08 00:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Snapfish
[2006/03/20 20:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Template
[2008/05/04 15:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\TuneUp Software
[2008/12/16 23:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Uniblue
[2010/03/09 12:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\uTorrent
[2008/03/05 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Vso
[2009/01/28 21:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Windows Live Writer
[2009/01/29 03:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\Windows Search
[2010/01/27 12:04:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/10/10 01:39:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/03/13 18:16:51 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/13 18:16:57 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Richard Feldman\My Documents\ADD- Scott Benedict.jpg:Roxio EMC Stream
< End of report >
-------------------------------------------------------------------------
Before you do anything else, check your backup/copy/archive; make sure it's 100% up to date, accurate, reproducible and kept safe on removable media. Don't forget to include all your downloaded executables, drivers (especially your network adapter drivers), serial keys including the one for Windows itself, and put all your application installation CDs/DVDs, including the Windows disc, in a safe and handy place.

Only when you are satisfied you have backed up everything that's important to you should you attempt any further steps........

You could try a repair installation of Windows (non destructive)...usually! and see if this does the trick...if successful be prepared to do a fair few Windows updates!
Regards
paws
----------------------------------------------------------------------
I have no windows discs

I will need instructions for this.
------------------------------------------------------------------------
If for example your backup/copy/archive is kept on an external hard drive then check that it's complete, accurate and reproducible....i.e. that you are able to copy it across, if it should become necessary (if your existing machine still won't boot then use another machine to check ...also.......check the dates (file dates) to make sure that it's bang up to date...... if you eventually need to format and reinstall then it's wise to ensure that everything that is important to you is correctly backed up...

You will need the Microsoft XP installation disc, so have a really good search for it, if no joy then go to the retailer from whom you purchased the computer for it.....
if no joy with them then go to the computer's manufacturer (you will need to be prepared to pay for them), as a final last resort borrow the correct one from a chum...however if you use it and have to enter the Windows Product key (25 alpha-numerics in 5 groups of 5) then only use the one you are licenced to use.
Regards
paws

ken545
2010-03-21, 03:25
Rich,

OTLPE is showing no signs of malware that I can see. It's best you follow along with Paws and do a Repair install, most times this will save all your files. You will need a Windows CD for this, no way around it.

rich97702
2010-03-21, 08:09
OK Ken- Thanks
I really appreciate your taking a look.

For what it's worth, I did find these 2 entries in the OTLPE log suspicious- they are the most recent files shown, and the date/time coincides with the time my anti-virus popped up a warning for about 1.5 seconds, followed by the BSOD.

[2010/03/13 18:16:57 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

[2010/03/13 18:16:51 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

The first is mentioned in a spybot post (and elsewhere)
http://forums.spybot.info/showthread.php?t=55175

Both are mentioned on the MBAM site (and elsewhere)

http://forums.malwarebytes.org/index.php?showtopic=38629&st=0&p=193288&#entry193288
(1/3 down the page, under "Technical details for experts/Alterations made by the installer")

Probably a wild goose chase.

I have MBAM installed on the infected computer. Is there a way to run it,
or run a copy from a disk (or from online- if I can get there)?

Thanks again Ken.
I'll look for an install disk.
Rich
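
The correlation Rich describes in the post above, worked over lines copied from the OTLPE log quoted in this thread (an added example, not part of the original posts or of OTL itself). The incident time, the 30-minute window and the two-indicator rule are assumptions; the thread gives no exact time for the antivirus warning.

```python
import re
from datetime import datetime, timedelta

# OTL file-listing line: [timestamp | size | attributes | M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] (?:\(.*?\) )?-- (?P<path>.+)$"
)
# A task file whose whole name is a GUID in braces
GUID_JOB_RE = re.compile(r"\\tasks\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$", re.I)

# Lines copied from the OTLPE log quoted in this thread.
SAMPLE_LOG = r"""
[2010/03/09 12:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Feldman\Application Data\uTorrent
[2010/01/27 12:04:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/03/13 18:16:51 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/03/13 18:16:57 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
""".strip().splitlines()
# Assumption: the antivirus warning time is not given in the thread.
INCIDENT = datetime(2010, 3, 13, 18, 17)

def parse_line(line):
    """Return a dict for one OTL file-listing line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "hidden": "H" in m["attrs"],
        "is_dir": "D" in m["attrs"],
        "path": m["path"],
    }

def triage(lines, incident, window=timedelta(minutes=30)):
    """Flag non-directory entries that match at least two indicators."""
    findings = []
    for e in filter(None, map(parse_line, lines)):
        checks = {
            "GUID-named scheduled task": bool(GUID_JOB_RE.search(e["path"])),
            "hidden attribute": e["hidden"],
            "modified near incident time": abs(e["time"] - incident) <= window,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if not e["is_dir"] and len(reasons) >= 2:
            findings.append((e["path"], reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG, INCIDENT), sep="\n")
```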

ken545
2010-03-21, 13:16
Rich,

I saw those and another entry but bypassed them because they are not I believe preventing you from booting into windows. I am going to post to Paws with my findings and he can show you how if possible to get in.

ken545
2010-03-21, 19:22
Rich,

A shot in the dark. Boot to your OTLPE disk and then do this.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\geBsrOHx) - File not found

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):"msv1_0"

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done

rich97702
2010-03-22, 02:20
Loaded script, "Run Fix" takes me to "Select a shell and enter your login password to continue".

Choices in drop down are two: Explorer, and Console.
I selected Explorer. There is no place to enter a password (I never used one), so I hit Enter. Fairly quickly it showed the OTLPE desktop and had closed OTL.
Pulled the disc out, shut down, rebooted to "sorry for the inconvenience, windows did not shut down properly..." and was given standard F8 choices, chose Normal Startup, and got the same BSOD- no change.
There was nothing to indicate it dealt with your script (with the above approach).
Rich

ken545
2010-03-22, 02:23
OK Rich, let's just follow Paws and do a Repair Install

ken545
2010-03-22, 02:59
Bump to see thread

rich97702
2010-03-22, 03:20
Don't know if this log file found on OTLPE is germane to your script or not.
Will continue with Paws.
Rich

[SetupAPI Log]
OS Version = 5.1.2600
Platform ID = 2 (NT)
Service Pack = 0.0
Suite = 0x0000
Product Type = 1
Architecture = x86
[2010/03/21 16:53:21 2028.3]
#-199 Executing "X:\i386\explorer.exe" with command line: explorer.exe
#E412 Per-machine codesigning policy settings appear to have been tampered with. Error 13: The data is invalid.
#W413 Default of 0 restored to "Policy" value under HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing.
#W413 Default of 1 restored to "Policy" value under HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing.
#W415 Codesigning policy database re-synchronized to default values.

ken545
2010-03-22, 10:17
Good Morning Rich,

Thanks for the log but it's not what I needed.

rich97702
2010-03-22, 20:31
I'm sure I have plenty of that! :slap:

Since I'm on a roll... Kaspersky found these (downloaded to external hard drive from failing laptop):

3/22/2010 10:56:13 AM Deleted: Packed.Win32.Krap.aq K:\c\Documents and Settings\Richard Feldman\Local Settings\Temp\Zvf.exe Microsoft Windows Search Protocol Host
3/22/2010 10:56:12 AM Deleted: Packed.Win32.Krap.as K:\c\Documents and Settings\Richard Feldman\Local Settings\Temp\Zvh.exe Microsoft Windows Search Protocol Host
3/22/2010 10:56:12 AM Deleted: Packed.Win32.Krap.as K:\c\Documents and Settings\Richard Feldman\Local Settings\Temp\Zvg.exe Microsoft Windows Search Protocol Host

No need to reply- unless...

ken545
2010-03-22, 21:26
Rich,

Can't do much until you're up and running. Where did you find those files, on the computer we are working on or another one?

rich97702
2010-03-23, 00:06
Those files are on the computer we're working on.
I am in the process of copying every file on the infected computer to a 750 gig external drive, and of the ones I've so far copied (about 50% of the total) to that drive, Kaspersky has found those and deleted them on that 750 gig drive.

ken545
2010-03-23, 00:52
Those files that Kaspersky had removed are real nasty

rich97702
2010-03-24, 07:32
Hi Ken,
Can you tell me if this disk will do what we need it to?
(I sent this to Paws as well.)

ken545
2010-03-24, 13:34
Rich,

Been following along with you at WTT, Paws is good at this and he should get you going

ken545
2010-03-25, 17:17
Paws at WTT helped Rich reinstall windows.

Here is some advice and free tools for you to install to help keep you more secure.


How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)





Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.



Safe Surfn
Ken

rich97702
2010-03-25, 17:35
Hi Ken,
I'll start the reading assignment and downloads and ask any questions I may have.
I'll post when finished.
Rich

rich97702
2010-03-28, 21:20
Hi Ken,
Installed, updated, and Running:

• Spybot Search and Destroy 1.6 (no Teatimer)
• Spyware Blaster
• Spyware Guard
• IE-Spyad

Firefox 3 has been my (much) preferred browser until recently-"cannot find server" issues have really made it a pain in the butt (both XP Pro SP3 and Windows 7). Many times, 5 or 6 attempts of "retry"/refresh will work. I have the latest version- reinstalled it today. Same problem, both machines.

I've found far too many script fixes on the web for this problem to be comfortable trying one. Any thoughts?
Rich

rich97702
2010-03-28, 21:39
Forgot to mention:
Windows firewall
Kaspersky anti-virus 2010

Kaspersky was included for six months free with the new computer- would you encourage anteing up for this program when it expires?
Rich

ken545
2010-03-29, 02:16
Hello Rich

You will find that most of the leading AVs are good, what threat one finds the other does not, it depends on how fast the databases are updated, your call on which one you keep, just as long as you keep one...just one, more than one is overkill and can cause problems.

Here are some free ones if you want to go that route, they're more than adequate.

Free Anti Virus Programs


AVG Free (http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5)
Free Avast 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Avira AntiVir® Personal Edition Classic (http://www.free-av.com/)



Free Firewalls


Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp)
Sygate Personal Firewall Free Edition (http://www.filehippo.com/download_sygate_personal_firewall/)
Outpost Firewall Free (http://www.agnitum.com/products/outpostfree/index.php)



Open Firefox ( my love also, been using it for years ) and go to Tools > Add Ons and disable all your add ons and see if that helped.


I believe you downloaded ATF Cleaner, run it and make sure you run the option for Firefox

You can also try posting here for help with Firefox
http://support.mozilla.com/en-US/kb/Ask+a+question


Ken :)

ken545
2010-03-30, 20:36
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.