Please help me fix my computer


Hello Malwarebytes team,

I managed to contract a nasty virus and am hoping you could all please help me out.

Basically, I got a fake Microsoft virus warning that looked like this: http://www.prlog.org/10938142-fake-microso...virus.jpg

Immediately, my computer froze. Now I can't get Windows to boot. The startup process stops at "Verifying DMI Pool Data..." and won't go any further. Thus I cannot yet provide a HijackThis file. I was able to boot from the Windows CD and successfully completed a repair install of Windows, but the problem persists. (So I guess DOS is working?)

Here's the rather old and dilapidated computer that I'm working with:

Windows XP SP3

AMD Athlon64 3500+

Hitachi 160GB 7200RPM Serial ATA 150 8MB Cache

Gigabyte GA-K8N Ultra-SLI nForce4 Ultra SLI Chipset Dual PCIE MB

1 GB of RAM

NVIDIA Geforce 7800 GT 256MB 16X PCI Express Video Card

Thanks in advance

PS I will obviously be using other computers to update this thread.


Hello, let's see if we can get this fixed. Did the Repair installation complete? If not, at what point did it stop?

  • Insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However, they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
  • When prompted to choose a Windows installation, type 1 and press enter.
  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • A command prompt will open

Type fixmbr and press enter.

Type exit and press enter to reboot.

Let me know how things are now.


Hey Elise.

Thanks for replying so quickly.

I have bad news. I have been meddling and am afraid that I have further complicated things. The repair install was completed but didn't change anything. So I turned my attention to my mobo, where I changed all the settings to optimized defaults, DOH!

Now my Windows install is on a D: drive which appears to be the same HD just labeled differently. (I have a second slave drive installed; same as above master but 250 GB.)

Did the master-slave thing get messed up?


It is important that the drive containing your Windows installation is set as Master, not as slave. If that is the case, we should be able to get things working.

Can you access the boot menu (either change boot order in BIOS or tap the key to get the boot menu, typically F11 or F12)?

If so, attempt to boot from the drive and let me know what happens. It's likely we will have to edit the boot.ini file to reflect this change, but that is not a lot of work.


It asks to set up a RAID at the beginning of the boot. (Never done that before; I've never had RAID set up.)

The boot process now stops after it says:

PXE-E53: No boot file name received

PXE-M0F: Exiting NVIDIA Boot Agent

I ran fixmbr as per your instructions on the D: Windows, but the boot still stops at the same place.

PS I promise to stop meddling

PPS I am using a PSP to write this, hence the double post


I think this means the computer is looking on the other drive first. Is there any way you can remove that drive temporarily and restore things (for the Windows drive) as they were?

I was hoping you would know. Would unplugging the slave do the trick?

I really don't know how to do a restore from recovery console but I am good at following instructions. Are there any ways to test your hypothesis? I only ask because ...


Would unplugging the slave do the trick?
Yes, that is sure worth a try. Make sure the master drive is connected exactly as it was and that the boot order is set from HDD (that way the computer is forced to look at the other HDD first).

Then let me know how your drive shows up (which drive letter). Please do not attempt any more steps on your own, since that is likely to make things worse!!!


Turns out that the master is a Western Digital and only the slave is a Hitachi. DOH! Anyways, upon unplugging the slave, the boot stops after saying the following:

PXE-E61: Media test failure, check cable

PXE-M0F: exiting NVIDIA boot agent

Recovery console sees the drive as C:

Also, I found an option in BIOS for "Hard Disk Boot Priority", but the only option is:

1. Bootable Add-in Cards

There are no other options available. Probably explains why it's trying to boot from my mobo's network card.


Update:

The 'media test failure' was a result of my ethernet cable being unplugged. Plugging it back in yields the previous 'No boot filename...' error.

Also, it always tries to boot from CD drive before trying to boot from the network.

My boot priorities remain:

1. Hard Disk

2. Hard Disk

3. CDROM

I don't think my mobo is recognizing my HDD. Would it be related to it requesting me to enter the RAID utility?


Please try this:

Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe

  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.

2. Insert your XP CD with SP1/SP2/SP3 into a CD-ROM drive

  • Double-Click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
  • Download the RunScanner plugin and save it to your desktop

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder where it shall be saved. By default it appears as runscanner10025. It should be modified to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface
  • Press the Add button and navigate to the location of the RunScanner plugin to install
  • Please note: If you are using a Windows XP disc with SP2 then highlight RpcSS needs to launch DComLaunch and then press Enable
  • When you're done press Close and the PE Builder interface will re-appear

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit

4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.

http://oldtimer.geekstogo.com/OTLPE.zip

http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart Your sick Computer Using the PE Builder ISO CD That You Have Created

  • Insert the CD into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No
  • After it loads press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768

    Next choose....

    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive

Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double click Start.cmd.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTLPE should now start
    Change the following settings
    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered simply press "ok" and allow the program to continue. <-- Important!!

  • Push the Run Scan button
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and Paste them in your next reply.


It took a while but I finally got a PC to use. Everyone uses Mac these days. No surprise. Windows is a headache. When will Microsoft take a hint and see how broken DOS is.

I'm off my soapbox and have some unfortunate news.

It is not booting from the PEBuilder Disk. Instead it stops after saying:

"Missing operating system"

Maybe it's time to consult with some of the other members of the Malwarebytes team to see if they have some good ideas for where we go next? In the meantime, I'll try that whole process again to make sure I didn't bungle something. Let you know if I get different results.


ok last post is regretted

OTL logfile created on: 11/28/2010 10:09:14 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = E:\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2800.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 298.09 Gb Total Space | 5.70 Gb Free Space | 1.91% Space Free | Partition Type: NTFS

Drive D: | 149.04 Gb Total Space | 44.79 Gb Free Space | 30.05% Space Free | Partition Type: NTFS

Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Drive X: | 150.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- D:\WINDOWS\System32\irmon.dll -- (Irmon)

SRV - File not found [Disabled] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand] -- D:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - File not found [Auto] -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2010/09/01 21:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- D:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/08/13 18:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/06/23 19:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- D:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2009/10/05 16:09:11 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- D:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- -- (zocqib)

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | Boot] -- D:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)

DRV - File not found [Kernel | On_Demand] -- D:\WINDOWS\System32\DRIVERS\rasirda.sys -- (Rasirda) WAN Miniport (IrDA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- D:\WINDOWS\System32\DRIVERS\irsir.sys -- (irsir)

DRV - File not found [Kernel | Auto] -- D:\WINDOWS\System32\DRIVERS\irda.sys -- (irda)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | Boot] -- -- (cduqo)

DRV - [2009/11/09 03:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/10/05 16:09:19 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- D:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/10/05 16:09:19 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- D:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/02/16 06:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- D:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2007/12/16 19:37:36 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2007/10/18 04:17:22 | 000,822,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/09/11 07:48:10 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2005/07/21 04:07:00 | 003,198,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2005/01/20 00:45:30 | 000,088,960 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2005/01/13 08:45:46 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/01/13 08:45:44 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2004/12/17 23:14:44 | 000,013,952 | ---- | M] () [Kernel | System] -- D:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)

DRV - [2004/12/10 18:48:46 | 000,024,704 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)

DRV - [2004/12/10 18:48:40 | 000,068,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)

DRV - [2004/12/10 18:48:18 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)

DRV - [2004/12/10 18:48:08 | 000,052,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)

DRV - [2004/12/10 18:47:58 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2004/10/27 13:24:00 | 000,223,104 | ---- | M] (Marvell) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2004/08/11 22:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/06/04 08:27:46 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2003/09/22 00:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/09/22 00:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/03/05 18:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- D:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Aaron_Dankert_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Aaron_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\Aaron_ON_D\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\Aaron_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Aaron_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Aaron_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Aaron_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/23 01:08:26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BFBBF72C-A835-44DC-8618-00FCE64E359A}: C:\Documents and Settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A} [2009/01/06 00:50:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430}\ [2009/01/11 23:53:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 00:47:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 00:47:23 | 000,000,000 | ---D | M]

[2010/11/21 15:57:08 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions

[2007/03/05 05:37:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2006/10/03 03:59:57 | 000,040,552 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

O1 HOSTS File: ([2009/01/17 21:10:03 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] D:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CTSysVol] D:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [Fsecevigul] D:\WINDOWS\izequyiwifapoyo.DLL File not found

O4 - HKLM..\Run: [iSUSPM Startup] D:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [RegistryMonitor1] D:\WINDOWS\system32\qtplugin.exe ()

O4 - HKLM..\Run: [updReg] D:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKU\Aaron_Dankert_ON_D..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)

O4 - HKU\Aaron_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd)

O4 - HKU\Aaron_ON_D..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)

O4 - HKU\Aaron_ON_D..\Run: [ResChanger 2005] D:\Program Files\ResChanger 2005\ResChanger2005.exe (EVGA CORP)

O4 - HKU\Aaron_ON_D..\Run: [spybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\Aaron_ON_D..\Run: [svchost] D:\WINDOWS\system32\config\systemprofile\Application Data\svchost.exe (SOFTWIN S.R.L.)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)

O4 - Startup: Error locating startup folders.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Aaron_Dankert_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Aaron_Dankert_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Aaron_Dankert_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Aaron_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Aaron_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKU\Aaron_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKU\Aaron_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab (TTestGenXInstallObject)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.com/books/_Players/EconPlayer.cab (Pearson MyEconLab Player Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150

O18 - Protocol\Handler\bw+0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw+0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw-0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw00 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw00s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw-0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw10 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw10s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw20 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw20s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw30 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw30s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw40 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw40s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw50 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw50s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw60 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw60s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw70 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw70s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw80 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw80s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw90 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bw90s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwa0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwa0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwb0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwb0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwc0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwc0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwd0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwd0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwe0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwe0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwf0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwf0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwg0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwg0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwh0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwh0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwi0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwi0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwj0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwj0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwk0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwk0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwl0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwl0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwm0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwm0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwn0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwn0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwo0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwo0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwp0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwp0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwq0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwq0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwr0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwr0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bws0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bws0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwt0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwt0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwu0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwu0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwv0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwv0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bww0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bww0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwx0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwx0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwy0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwy0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwz0 {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\bwz0s {a5b5682b-9383-4319-9227-c403f0bf9bb3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\offline-8876480 {A5B5682B-9383-4319-9227-C403F0BF9BB3} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - D:\Program Files\Microsoft\WaterMark.exe (Macromedia, Inc.)

O20 - HKU\Aaron_ON_D Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe) - D:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe ()

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - D:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/02/02 20:20:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:47:29 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/02/02 20:20:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2009/02/02 13:20:48 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2004/11/02 21:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{75e15ad6-be1d-11db-b052-001125319750}\Shell - "" = AutoRun

O33 - MountPoints2\{75e15ad6-be1d-11db-b052-001125319750}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{75e15ad6-be1d-11db-b052-001125319750}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (sprestrt) - D:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: extrkeys - (C:\WINDOWS\system32\eudcltmc.dll) - D:\WINDOWS\System32\eudcltmc.dll File not found

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/23 06:44:54 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft

[2005/09/11 08:03:58 | 000,065,536 | ---- | C] ( ) -- D:\WINDOWS\System32\A3d.dll

[8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[14 D:\Documents and Settings\Aaron\My Documents\*.tmp files -> D:\Documents and Settings\Aaron\My Documents\*.tmp -> ]

[13 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/23 20:54:12 | 000,000,281 | RHS- | M] () -- D:\boot.ini

[2010/11/23 20:53:37 | 000,000,319 | ---- | M] () -- D:\WINDOWS\System32\$winnt$.inf

[2010/11/23 20:53:36 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010/11/23 06:46:03 | 000,000,016 | ---- | M] () -- D:\WINDOWS\System32\dmlconf.dat

[2010/11/23 06:44:53 | 000,569,856 | ---- | M] () -- D:\WINDOWS\System32\qtplugin.exe

[2010/11/23 06:40:19 | 000,000,978 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004UA.job

[2010/11/23 06:37:35 | 000,230,185 | ---- | M] () -- D:\WINDOWS\setupapi.old

[2010/11/23 05:48:01 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/23 01:52:49 | 067,969,774 | ---- | M] () -- D:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/11/22 21:38:12 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job

[2010/11/22 10:48:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/22 10:40:00 | 000,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004Core.job

[2010/11/21 03:55:54 | 000,002,422 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010/11/21 03:55:47 | 000,126,660 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml

[2010/11/19 15:04:03 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/15 21:18:29 | 285,838,554 | ---- | M] () -- D:\Documents and Settings\Aaron\My Documents\vlc-record-2010-11-15-13h42m58s-pl-dtd1b.avi-.avi

[2010/11/12 08:39:47 | 000,312,242 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat

[2010/11/12 08:39:47 | 000,040,312 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat

[2010/11/12 03:25:07 | 000,021,504 | ---- | M] () -- D:\Documents and Settings\Aaron\My Documents\ebay cover letter.doc

[2010/11/06 08:42:09 | 000,002,284 | ---- | M] () -- D:\Documents and Settings\Aaron\Desktop\Google Chrome.lnk

[8 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

[14 D:\Documents and Settings\Aaron\My Documents\*.tmp files -> D:\Documents and Settings\Aaron\My Documents\*.tmp -> ]

[13 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/23 06:45:07 | 000,569,856 | ---- | C] () -- D:\WINDOWS\System32\qtplugin.exe

[2010/11/23 06:44:55 | 000,000,016 | ---- | C] () -- D:\WINDOWS\System32\dmlconf.dat

[2010/11/15 20:43:28 | 285,838,554 | ---- | C] () -- D:\Documents and Settings\Aaron\My Documents\vlc-record-2010-11-15-13h42m58s-pl-dtd1b.avi-.avi

[2010/11/10 18:18:26 | 000,021,504 | ---- | C] () -- D:\Documents and Settings\Aaron\My Documents\ebay cover letter.doc

[2009/01/14 01:54:43 | 000,000,095 | ---- | C] () -- D:\WINDOWS\wininit.ini

[2008/01/04 21:56:24 | 000,012,288 | ---- | C] () -- D:\WINDOWS\System32\DivXWMPExtType.dll

[2007/09/13 03:29:07 | 000,094,208 | ---- | C] () -- D:\WINDOWS\System32\GTW32N50.dll

[2007/02/23 04:29:56 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll

[2006/07/22 22:17:53 | 000,043,520 | ---- | C] () -- D:\WINDOWS\System32\CmdLineExt03.dll

[2006/07/19 20:39:25 | 000,021,840 | ---- | C] () -- D:\WINDOWS\System32\SIntfNT.dll

[2006/07/19 20:39:25 | 000,017,212 | ---- | C] () -- D:\WINDOWS\System32\SIntf32.dll

[2006/07/19 20:39:25 | 000,012,067 | ---- | C] () -- D:\WINDOWS\System32\SIntf16.dll

[2006/03/21 23:51:22 | 000,000,023 | ---- | C] () -- D:\WINDOWS\BlendSettings.ini

[2005/10/17 23:16:23 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI

[2005/09/11 08:04:24 | 000,000,231 | ---- | C] () -- D:\WINDOWS\AC3API.INI

[2005/09/11 08:04:00 | 000,067,428 | ---- | C] () -- D:\WINDOWS\System32\LudaP17.ini

[2005/09/11 08:04:00 | 000,000,029 | ---- | C] () -- D:\WINDOWS\System32\ctzapxx.ini

[2005/09/11 08:03:59 | 000,060,928 | ---- | C] () -- D:\WINDOWS\System32\P17.dll

[2005/09/11 08:03:59 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\P17CPI.dll

[2005/09/11 08:03:51 | 000,000,072 | ---- | C] () -- D:\WINDOWS\SBWIN.INI

[2005/09/11 07:48:10 | 000,001,024 | RH-- | C] () -- D:\WINDOWS\System32\NTIBUN4.dll

[2005/09/11 07:46:41 | 000,001,024 | RH-- | C] () -- D:\WINDOWS\System32\NTIMPEG2.dll

[2005/09/11 07:46:41 | 000,001,024 | RH-- | C] () -- D:\WINDOWS\System32\NTIFCD3.dll

[2005/09/11 07:46:41 | 000,001,024 | RH-- | C] () -- D:\WINDOWS\System32\NTICDMK7.dll

[2005/09/10 19:39:51 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI

[2005/09/10 19:07:44 | 000,000,102 | ---- | C] () -- D:\WINDOWS\VSWizard.ini

[2005/08/09 22:13:31 | 000,831,488 | ---- | C] () -- D:\WINDOWS\System32\libeay32.dll

[2005/08/09 22:13:31 | 000,159,744 | ---- | C] () -- D:\WINDOWS\System32\ssleay32.dll

[2005/07/21 04:07:00 | 000,540,672 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll

[2005/01/03 18:10:44 | 000,319,488 | ---- | C] () -- D:\WINDOWS\System32\DLXAPI32.DLL

[2004/12/17 23:14:44 | 000,013,952 | ---- | C] () -- D:\WINDOWS\System32\drivers\UBHelper.sys

[2004/08/04 12:00:00 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll

[2004/08/04 12:00:00 | 000,027,440 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys

[2001/12/26 22:12:30 | 000,065,536 | R--- | C] () -- D:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 05:46:38 | 000,110,592 | R--- | C] () -- D:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 22:33:56 | 000,118,784 | R--- | C] () -- D:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/24 04:04:36 | 000,118,784 | R--- | C] () -- D:\WINDOWS\System32\HMPV2_ENC_MMX.dll

< End of report >

OTL Extras logfile created on: 11/28/2010 10:09:14 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = E:\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 6.0.2800.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 298.09 Gb Total Space | 5.70 Gb Free Space | 1.91% Space Free | Partition Type: NTFS

Drive D: | 149.04 Gb Total Space | 44.79 Gb Free Space | 30.05% Space Free | Partition Type: NTFS

Drive E: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Drive X: | 150.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\Documents and Settings\Aaron\Desktop\Emulator\SNES\zsnesw.exe" = C:\Documents and Settings\Aaron\Desktop\Emulator\SNES\zsnesw.exe:*:Enabled:zsnesw -- ()

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

"C:\Program Files\Steam\SteamApps\d3v4st8r\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\d3v4st8r\counter-strike source\hl2.exe:*:Enabled:hl2 -- File not found

"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()

"C:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe" = C:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded -- ()

"C:\Documents and Settings\Aaron\Desktop\utorrent.exe" = C:\Documents and Settings\Aaron\Desktop\utorrent.exe:*:Enabled:

Link to post
Share on other sites

Hi again,

As an FYI, I am not part of the MBAM team, I just help out at this site (as I do at other sites), but I am trained in malware removal and have quite some experience. :)

First of all, locate d:\boot.ini, open it and post me its contents.

I see that C is your 300 GB drive. Is that the second drive you added? If so, can you unplug it?

Please run the following fix and see if you can boot normally afterwards (if "no operating system is found" is displayed, it is most likely a problem with the drive letters being messed up, which we can resolve after seeing the content of boot.ini).

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field and click Run Fix.

:otl
DRV - File not found [Kernel | Boot] -- -- (zocqib)
DRV - File not found [Kernel | Boot] -- D:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
IE - HKU\Aaron_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
O4 - HKLM..\Run: [Fsecevigul] D:\WINDOWS\izequyiwifapoyo.DLL File not found
O4 - HKLM..\Run: [RegistryMonitor1] D:\WINDOWS\system32\qtplugin.exe ()
O4 - HKU\Aaron_ON_D..\Run: [svchost] D:\WINDOWS\system32\config\systemprofile\Application Data\svchost.exe (SOFTWIN S.R.L.)
O20 - HKLM Winlogon: UserInit - (c:\program files\microsoft\watermark.exe) - D:\Program Files\Microsoft\WaterMark.exe (Macromedia, Inc.)
O20 - HKU\Aaron_ON_D Winlogon: Shell - (C:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe) - D:\WINDOWS\system32\config\systemprofile\Application Data\hotfix.exe ()
O32 - AutoRun File - [2009/02/02 20:20:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/02 20:20:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/02/02 13:20:48 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ FAT32 ]
O36 - AppCertDlls: extrkeys - (C:\WINDOWS\system32\eudcltmc.dll) - D:\WINDOWS\System32\eudcltmc.dll File not found

:commands
[emptytemp]

Link to post
Share on other sites

Hey Elise,

I used your fix code but no dice. My computer still tries to boot from a CD/DVD, then tries to boot from the network, and I get the now familiar warning:

PXE-E35: No Boot filename received

PXE-M0F: Exiting NVIDIA Boot Agent

This is with the auxiliary HDD disconnected and the boot priority as thus:

1. HDD

2. HDD

3. CDROM

Here's the boot.ini:

[boot loader]

timeout=1

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Link to post
Share on other sites

In BartPE, can you please look at what is on the C drive (using A43 file management)? No need to post any details, just roughly is enough.

Also, is C a partition from a drive that also contains D (the partition that contains Windows)?

I need to know this in order to make some adjustments to the boot.ini file.

Link to post
Share on other sites

The B drive/ram disk is a volume that BartPE creates in memory. It does not physically exist and is gone once the BartPE OS is shut down.

What we need to do is, using BartPE, swap the drive letters so the Windows drive will be C and the other drive will be D.

1. Right-click on the My Computer icon on the desktop

2. Click on the Manage option

3. Click on Disk Management

4. Right-click on the C: drive

5. Click on Change Drive Letter and Paths

6. Select the C: drive and click on the Change button

7. Select Assign the following Drive Letter option

8. In the drop-down selection box select E:

9. Now do the same for the D drive, and assign C: to it.

10. You can now change the E: drive back to D:

11. Click Ok for any warning messages and close out the Computer Management dialog box

Try to reboot normally and let me know what happens.
