Geeks to Go

Backdoor.tidserv + atapi.sys = Browser Hijacking... [Closed]

This topic is locked.

#1 noob340 (New Member, 5 posts)

While at work today my Symantec Realtime Protection popped up saying a virus (backdoor.tidserv) was found in my C:\WINDOWS\system32\drivers\atapi.sys & C:\WINDOWS\system32\drivers\atapi.sys.tmp. I updated & ran Malwarebytes but it does not detect anything. Now when I try to browse to certain sites, it is hijacking the request and forwarding me to other random websites. Not sure what to do or where it came from because I wasn't even browsing the net when it popped up (I was working in SQL Server)!? Can someone help me remove this thing please?


#2 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)

Hi

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %PROGRAMFILES%\*.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time.

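The /md5start ... /md5stop block in the instructions above makes OTL print the MD5 of every copy of each named driver that it finds under %SystemRoot%, and the helper then compares them by eye: the infection in this thread patches atapi.sys in place, so the copy in system32\drivers no longer matches the pristine copies Windows keeps in system32\dllcache and under ServicePackFiles. The following Python script is an added example, not OTL's or the poster's code, that automates that comparison for the same list of names: it walks a Windows root, hashes every copy of each listed file and flags any name whose copies do not all share one digest. The sample tree it builds for a dry run is constructed, and the function and variable names are the example's own.

```python
"""Hash the drivers named in OTL's /md5start list and flag names whose
on-disk copies disagree (the pattern a patched atapi.sys leaves behind).

Added example, not OTL's own code. Paths, helper names and the sample tree
are this example's assumptions.
"""
import hashlib
import os
import tempfile

# File names copied from the /md5start ... /md5stop block in the post above.
MD5_LIST = """
eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll
logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys
AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys
iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys
""".split()


def md5_of(path, chunk=1 << 16):
    """MD5 hex digest of a file, read in chunks so large drivers are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, names):
    """Walk root once; return {name as listed: [(path, md5), ...]}.

    Matching is case-insensitive because Windows file names are.
    """
    wanted = {n.lower(): n for n in names}
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            listed = wanted.get(fn.lower())
            if listed is not None:
                p = os.path.join(dirpath, fn)
                found.setdefault(listed, []).append((p, md5_of(p)))
    return found


def check_drivers(root, names=MD5_LIST):
    """Return {name: sorted [(path, md5), ...]} for every listed name whose
    copies under root do not all share the same MD5."""
    suspicious = {}
    for name, entries in find_copies(root, names).items():
        if len({digest for _path, digest in entries}) > 1:
            suspicious[name] = sorted(entries)
    return suspicious


def make_sample_root():
    """Constructed mini %SystemRoot% for a dry run: atapi.sys differs between
    drivers\\ and dllcache\\, nvstor.sys is identical in both."""
    base = tempfile.mkdtemp(prefix="otl_md5_demo_")
    drivers = os.path.join(base, "system32", "drivers")
    dllcache = os.path.join(base, "system32", "dllcache")
    os.makedirs(drivers)
    os.makedirs(dllcache)
    sample = {  # constructed byte strings standing in for driver images
        (drivers, "atapi.sys"): b"MZ sample atapi body - modified copy",
        (dllcache, "atapi.sys"): b"MZ sample atapi body",
        (drivers, "nvstor.sys"): b"MZ sample nvstor body",
        (dllcache, "nvstor.sys"): b"MZ sample nvstor body",
    }
    for (directory, name), body in sample.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(body)
    return base


if __name__ == "__main__":
    # On a real machine hash the live Windows tree; otherwise use the sample.
    root = os.environ.get("SystemRoot") or make_sample_root()
    for name, entries in check_drivers(root).items():
        print(name)
        for path, digest in entries:
            print("   ", digest, path)
```

A mismatch is a lead, not a verdict: a hotfix can leave system32\drivers newer than the ServicePackFiles copy, so confirm a flagged file against the vendor's published hash or its Authenticode signature before treating it as the infected one.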

#3 noob340 (Topic Starter, New Member, 5 posts)

== OTL.Txt ==

OTL logfile created on: 12/17/2009 3:51:04 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\noob340\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 44.44 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.31 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive T: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS

Computer Name: noob340
Current User Name: noob340
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
PRC - [2009/12/09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/03 17:42:08 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/03 17:42:08 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/09/01 00:00:00 | 01,873,272 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2008/10/13 11:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/23 15:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/30 13:58:20 | 00,917,504 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 13:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/10/12 21:27:40 | 00,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2006/10/12 21:27:20 | 00,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2006/07/10 10:53:08 | 00,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
PRC - [2003/05/21 01:19:50 | 00,233,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.exe


========== Modules (SafeList) ==========

MOD - [2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
MOD - [2006/10/12 21:26:26 | 00,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2005/06/10 12:30:56 | 00,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll


========== Win32 Services (SafeList) ==========

SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 05:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/01/30 13:58:20 | 00,917,504 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 21:01:12 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/06/13 16:39:58 | 00,364,544 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/10/14 02:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2009/12/11 21:16:45 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091211.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/12/11 21:16:45 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091211.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/03 16:49:29 | 00,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/05 06:58:48 | 00,241,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2008/04/13 10:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/10 03:08:24 | 00,307,712 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/19 04:07:14 | 00,103,424 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/05/11 11:00:14 | 00,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2007/01/23 12:13:26 | 00,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/09/24 21:23:14 | 00,003,584 | ---- | M] (Realtime Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UltraMonMirror.sys -- (UltraMonMirror)
DRV - [2006/09/24 21:22:52 | 00,011,776 | ---- | M] (Realtime Soft) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2006/05/10 07:00:16 | 00,156,160 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/27 18:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/01/07 17:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 09:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 09:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 09:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 09:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 09:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 09:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 09:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 09:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 09:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 09:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 09:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 09:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 09:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 09:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 09:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/05/02 21:08:22 | 00,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 00,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)
DRV - [2002/05/08 09:44:42 | 00,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/03 21:32:06 | 00,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/16 23:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/16 23:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (1133 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1259887812014 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} https://gf.custhelp..../RNTProcMan.cab (RNTProcessManager Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.11 192.168.200.36 172.16.2.11 172.16.2.10 172.16.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gfhome.gf.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\STUFF\UTILITIES\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{71138eb5-0a7c-11dd-bd8b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{71138eb5-0a7c-11dd-bd8b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{fdb94e01-0818-11dd-aea4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fdb94e01-0818-11dd-aea4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/20 01:52:33 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/17 14:52:55 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/17 14:38:30 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/17 14:23:50 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
[2009/12/17 14:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2009/12/17 14:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2009/12/17 12:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Malwarebytes
[2009/12/17 12:35:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/17 12:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/17 12:35:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/17 12:35:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 13:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Ektron
[2009/12/16 11:11:54 | 00,163,840 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPJCMN2U.DLL
[2009/12/16 11:11:54 | 00,094,208 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPJIPX1U.DLL
[2009/12/16 11:11:53 | 00,241,721 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPBMINI.DLL
[2009/12/16 11:11:53 | 00,053,248 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIPM12.DLL
[2009/12/16 11:11:53 | 00,049,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIDR12.DLL
[2009/12/16 11:11:53 | 00,049,152 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPBNRAC2.DLL
[2009/12/16 11:11:53 | 00,043,520 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZINW12.DLL
[2009/12/16 11:11:53 | 00,039,424 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBPRO.DLL
[2009/12/16 11:11:53 | 00,033,280 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIPR12.DLL
[2009/12/16 11:11:53 | 00,029,696 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZIPT12.DLL
[2009/12/16 11:11:53 | 00,025,600 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBOID.DLL
[2009/12/16 11:11:53 | 00,024,576 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBMIAPI.DLL
[2009/12/16 11:11:53 | 00,020,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZISN12.DLL
[2009/12/16 11:11:53 | 00,007,680 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBPROPS.DLL
[2009/12/16 11:11:53 | 00,007,680 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\HPBOIDPS.DLL
[2009/12/15 13:37:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\JetBrains
[2009/12/15 13:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\JetBrains
[2009/12/15 13:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\JetBrains
[2009/12/15 13:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Desktop\Ponged Push
[2009/12/11 10:32:36 | 00,000,000 | ---D | C] -- C:\Program Files\IIS
[2009/12/10 10:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\All Device Emulators
[2009/12/08 14:30:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Shared Wallpapers
[2009/12/08 11:57:48 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/08 11:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/08 11:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Apple
[2009/12/08 11:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/08 11:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/08 11:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Apple Computer
[2009/12/04 17:40:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\AdobeUM
[2009/12/04 13:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Realtime Soft
[2009/12/04 13:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2009/12/04 13:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2009/12/04 13:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Realtime Soft
[2009/12/04 11:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/12/04 10:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\ASPNET
[2009/12/04 10:38:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Windows Search
[2009/12/04 10:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/12/04 10:36:06 | 00,000,000 | ---D | C] -- C:\Program Files\Helicon
[2009/12/04 10:17:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2009/12/04 10:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/04 10:06:25 | 00,000,000 | ---D | C] -- C:\Program Files\IIsAdmin.NET 1.1
[2009/12/03 17:58:12 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2009/12/03 17:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2009/12/03 17:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009/12/03 17:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/12/03 17:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/03 17:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/12/03 17:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Temp
[2009/12/03 17:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google
[2009/12/03 17:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Deployment
[2009/12/03 17:40:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2009/12/03 17:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2009/12/03 17:30:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2009/12/03 17:29:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2009/12/03 17:29:40 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/12/03 17:29:40 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/12/03 17:29:40 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2009/12/03 17:29:40 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/12/03 17:29:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2009/12/03 17:29:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/12/03 17:29:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2009/12/03 17:29:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/12/03 17:29:39 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/12/03 17:29:39 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/12/03 17:29:39 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2009/12/03 17:29:39 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/12/03 17:29:39 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/12/03 17:29:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/12/03 17:29:39 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2009/12/03 17:29:17 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/12/03 17:29:17 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/12/03 17:29:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/12/03 17:29:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/12/03 17:29:17 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/12/03 17:29:17 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/12/03 17:29:17 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/12/03 17:29:17 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/12/03 17:29:16 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/12/03 17:29:16 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/12/03 17:29:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/12/03 17:29:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/12/03 17:29:16 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/12/03 17:29:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/12/03 17:29:16 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/12/03 17:29:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/12/03 17:29:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/12/03 17:29:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
[2009/12/03 17:29:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/12/03 17:29:16 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/12/03 17:29:16 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
[2009/12/03 17:29:15 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/12/03 17:29:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/12/03 17:29:15 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/12/03 17:29:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2009/12/03 17:29:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/12/03 17:29:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2009/12/03 17:29:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/12/03 17:29:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/12/03 17:29:15 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2009/12/03 17:29:15 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/12/03 17:29:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2009/12/03 17:29:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/12/03 17:29:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
[2009/12/03 17:29:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/12/03 17:29:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2009/12/03 17:29:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/12/03 17:29:15 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2009/12/03 17:29:15 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/12/03 17:29:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/12/03 17:29:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2009/12/03 17:29:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/12/03 17:29:14 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2009/12/03 17:29:14 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/12/03 17:29:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/12/03 17:29:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
[2009/12/03 17:29:09 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/12/03 17:29:09 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/12/03 17:29:09 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/12/03 17:29:09 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/12/03 17:29:09 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/12/03 17:29:08 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/12/03 17:29:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/12/03 17:29:08 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/12/03 17:29:08 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/12/03 17:29:08 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/12/03 17:29:08 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/12/03 17:29:08 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/12/03 17:29:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/12/03 17:29:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/12/03 17:29:08 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/12/03 17:29:07 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/12/03 17:29:07 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/12/03 17:29:07 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/12/03 17:29:06 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/12/03 17:29:05 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/12/03 17:29:05 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll
[2009/12/03 17:29:05 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll
[2009/12/03 17:29:05 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/12/03 17:29:05 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/12/03 17:29:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/12/03 17:29:05 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/12/03 17:29:05 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/12/03 17:29:05 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/12/03 17:29:05 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll
[2009/12/03 17:29:05 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2009/12/03 17:29:05 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/12/03 17:29:05 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/12/03 17:29:05 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/12/03 17:29:05 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/12/03 17:29:05 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2009/12/03 17:29:05 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/12/03 17:29:05 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2009/12/03 17:29:05 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/12/03 17:29:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2009/12/03 17:29:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/12/03 17:29:04 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/12/03 17:29:04 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/12/03 17:29:04 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/12/03 17:29:04 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/12/03 17:29:04 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/12/03 17:29:04 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/12/03 17:29:04 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/12/03 17:29:04 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/12/03 17:29:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/12/03 17:29:04 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/12/03 17:29:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/12/03 17:29:03 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/12/03 17:29:03 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/12/03 17:29:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2009/12/03 17:29:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/12/03 17:27:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/03 17:23:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2009/12/03 17:23:18 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/12/03 17:22:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Xenocode
[2009/12/03 17:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\SQLXML 4.0
[2009/12/03 17:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2009/12/03 17:06:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/12/03 17:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/03 17:06:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/03 17:00:07 | 00,000,000 | ---D | C] -- C:\Stuff
[2009/12/03 16:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Symantec
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Macromedia
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\InstallShield
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Identities
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Adobe
[2009/12/03 16:54:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\noob340\Application Data\Microsoft
[2009/12/03 16:54:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\Application Data
[2009/12/03 16:54:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\Favorites
[2009/12/03 16:54:16 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\IETldCache
[2009/12/03 16:54:16 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\Cookies
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Windows Desktop Search
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Sun
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\SampleView
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\OfficeUpdate12
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Desktop
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Adobe
[2009/12/03 16:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\ApplicationHistory
[2009/12/03 16:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\AOL
[2009/12/03 16:54:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Identities
[2009/12/03 16:54:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\SendTo
[2009/12/03 16:54:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\Recent
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Pictures
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Music
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents
[2009/12/03 16:54:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\PrivacIE
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\PrintHood
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\NetHood
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\Local Settings
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Seven Zip
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Microsoft Help
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Microsoft
[2009/12/03 16:54:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\Start Menu
[2009/12/03 16:54:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\UserData
[2009/12/03 16:54:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\Templates
[2009/12/03 16:51:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2009/12/03 16:50:03 | 00,083,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/03 16:50:03 | 00,073,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/03 16:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec_Client_Security
[2009/12/03 16:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/12/03 15:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Visual Studio 2008
[2009/12/03 15:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Visual Studio 2005
[2009/12/03 15:43:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Test Client Projects
[2009/12/03 15:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\SQL Server Management Studio
[2009/12/03 15:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\RD
[2009/12/03 15:43:13 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/12/03 15:43:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Wallpapers
[2009/12/03 15:43:05 | 00,000,000 | --SD | C] -- C:\Documents and Settings\noob340\My Documents\My Shapes
[2009/12/03 15:43:05 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Videos
[2009/12/03 15:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\My Virtual Machines
[2009/12/03 15:42:54 | 00,000,000 | --SD | C] -- C:\Documents and Settings\noob340\My Documents\My Data Sources
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\My Google Gadgets
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\My Device Emulators
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\LINQPad Queries
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Fiddler2
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Downloads
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Bluetooth Exchange Folder
[2009/12/03 15:42:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\ApexSQL
[2009/12/03 15:42:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\My Documents\Altova
[2009/12/03 15:42:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Desktop\Ponged Backup
[2009/12/03 15:42:07 | 00,156,160 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2009/12/03 15:42:07 | 00,156,160 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2009/12/03 15:39:41 | 00,000,000 | ---D | C] -- C:\Intel
[2008/10/06 17:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 01:52:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/17 15:47:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823UA.job
[2009/12/17 15:41:34 | 00,690,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/17 15:41:34 | 00,562,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/17 15:41:34 | 00,114,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/17 15:37:25 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/17 15:37:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/17 15:37:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/17 15:36:36 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\noob340\NTUSER.DAT
[2009/12/17 15:36:36 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\noob340\ntuser.ini
[2009/12/17 15:36:35 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\IconCache.db
[2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
[2009/12/17 12:58:53 | 00,057,992 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 12:38:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2009/12/17 11:56:22 | 00,001,860 | -H-- | M] () -- C:\Documents and Settings\noob340\My Documents\Default.rdp
[2009/12/16 17:47:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823Core.job
[2009/12/16 13:17:31 | 00,000,454 | RHS- | M] () -- C:\Documents and Settings\noob340\ntuser.pol
[2009/12/15 13:09:16 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\IIsAdmin.NET 1.1.lnk
[2009/12/10 13:04:32 | 00,000,166 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\GFM Prod Maintenence Mode.bat
[2009/12/09 09:23:19 | 00,000,046 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url
[2009/12/09 03:02:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 09:31:28 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk
[2009/12/04 11:55:41 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk
[2009/12/04 11:20:29 | 00,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/04 10:34:16 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\noob340\My Documents\My Computer.lnk
[2009/12/04 09:50:35 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 18:49:43 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 18:30:00 | 00,000,520 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/12/03 17:48:17 | 00,071,368 | ---- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/03 17:32:00 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\Internet Information Services.lnk
[2009/12/03 16:49:29 | 00,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2009/12/03 16:49:29 | 00,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/03 16:49:29 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/03 16:48:33 | 00,002,904 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 15:39:50 | 00,037,207 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/12/03 15:39:45 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.dat
[2009/12/03 15:39:12 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/30 18:06:54 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\noob340\My Documents\Book1.xls
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/17 12:58:53 | 00,057,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 12:38:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/12/16 11:11:54 | 00,018,747 | ---- | C] () -- C:\WINDOWS\System32\HPCEAC06.HPI
[2009/12/10 11:38:13 | 00,000,166 | ---- | C] () -- C:\Documents and Settings\noob340\Desktop\GFM Prod Maintenence Mode.bat
[2009/12/09 09:23:19 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url
[2009/12/08 09:31:28 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk
[2009/12/04 11:56:38 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk
[2009/12/04 11:20:29 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/04 10:34:16 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\noob340\My Documents\My Computer.lnk
[2009/12/04 09:50:35 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 17:42:16 | 00,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823UA.job
[2009/12/03 17:42:13 | 00,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823Core.job
[2009/12/03 17:29:40 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/12/03 17:29:40 | 00,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2009/12/03 17:29:39 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/12/03 17:29:39 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2009/12/03 17:29:16 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/12/03 17:29:16 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/12/03 17:29:16 | 00,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2009/12/03 17:29:15 | 00,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2009/12/03 17:29:14 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/12/03 17:29:14 | 00,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2009/12/03 16:54:31 | 00,000,454 | RHS- | C] () -- C:\Documents and Settings\noob340\ntuser.pol
[2009/12/03 16:54:11 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\noob340\ntuser.ini
[2009/12/03 16:54:09 | 02,883,584 | -H-- | C] () -- C:\Documents and Settings\noob340\NTUSER.DAT
[2009/12/03 16:50:03 | 00,124,167 | ---- | C] () -- C:\WINDOWS\System32\SYMEVNT.386
[2009/11/30 17:03:37 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\noob340\My Documents\Book1.xls
[2008/04/14 08:41:33 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/20 01:25:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/20 01:10:24 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/03/20 01:10:24 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/03/20 01:10:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/03/20 01:10:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/03/20 01:10:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/03/20 01:10:24 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/05/21 01:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/08 02:12:22 | 00,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: AHCIX86.SYS >
[2007/10/26 03:25:14 | 00,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\COMPAQ\HPBackup\update\DRIVERS\STORAGE\ahcix86.sys
[2007/10/26 03:25:14 | 00,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\DRIVERS\STORAGE\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %PROGRAMFILES%\*. >
[2008/04/14 14:53:14 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/04/14 08:52:32 | 00,000,000 | ---D | M] -- C:\Program Files\AIM Search
[2009/12/03 15:39:38 | 00,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/12/08 11:57:31 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/12/03 17:58:12 | 00,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2009/12/03 17:37:26 | 00,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2009/12/04 13:57:19 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/03/20 01:18:36 | 00,000,000 | ---D | M] -- C:\Program Files\Compaq
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/04/14 12:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\Diskeeper Corporation
[2009/12/16 13:48:11 | 00,000,000 | ---D | M] -- C:\Program Files\Ektron
[2009/12/04 10:37:26 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/12/04 10:36:06 | 00,000,000 | ---D | M] -- C:\Program Files\Helicon
[2008/03/20 01:23:04 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/03/20 01:10:56 | 00,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/12/03 17:41:23 | 00,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/12/11 10:32:36 | 00,000,000 | ---D | M] -- C:\Program Files\IIS
[2009/12/04 10:06:26 | 00,000,000 | ---D | M] -- C:\Program Files\IIsAdmin.NET 1.1
[2008/03/20 01:19:24 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/20 01:09:36 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/12/09 03:02:11 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/20 01:10:21 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2008/03/20 01:07:37 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/12/15 13:35:16 | 00,000,000 | ---D | M] -- C:\Program Files\JetBrains
[2009/12/17 12:35:42 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/06 17:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/12/09 11:27:39 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/04/14 08:41:00 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/12/03 17:11:46 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2009/12/04 10:17:58 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ASP.NET
[2009/12/03 17:53:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/12/03 17:41:41 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/12/03 17:37:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2009/12/03 17:55:58 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/12/03 17:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/03 17:51:46 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/12/03 17:06:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/03 18:27:20 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/03 17:36:26 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/12/03 17:50:35 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/10/06 17:23:00 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/12/03 17:40:58 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/03/20 01:16:06 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/10/06 17:21:16 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/10/20 17:36:07 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/04/14 15:41:49 | 00,000,000 | ---D | M] -- C:\Program Files\Program Shortcuts
[2009/12/08 11:58:14 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/10/20 17:13:56 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/12/03 17:12:04 | 00,000,000 | ---D | M] -- C:\Program Files\SQLXML 4.0
[2009/12/03 16:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/12/03 16:49:49 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec_Client_Security
[2009/12/04 18:30:38 | 00,000,000 | ---D | M] -- C:\Program Files\Trillian
[2009/12/04 13:57:19 | 00,000,000 | ---D | M] -- C:\Program Files\UltraMon
[2008/03/20 01:52:31 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/20 17:24:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008/10/06 17:23:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/12/03 17:53:27 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/10/06 17:21:11 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/03/20 01:52:31 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/04/14 12:46:44 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-09 11:02:31
< End of report >

== Extras.Txt ==
OTL Extras logfile created on: 12/17/2009 3:51:04 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\noob340\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 44.44 Gb Free Space | 68.88% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.31 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive T: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS

Computer Name: noob340
Current User Name: noob340
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}" = Symantec AntiVirus Client
"{1682890F-2D5C-4DB3-8523-3338FF7E692D}" = Diskeeper 2007 Server
"{1A27EE51-7106-413A-9E0A-F41905262A64}" = Helicon ISAPI_Rewrite 3
"{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}" = Microsoft SQL Server 2005 Tools
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{514F054F-C222-4D0F-B82A-F15A14587E3E}" = JetBrains ReSharper 4.5
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{655DF806-7A9A-42D8-BF41-609FBC1B20C9}" = IIsAdmin.NET 1.1
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{766B3A7A-B5AE-33F5-9858-75E692799C84}" = Microsoft Visual Studio 2008 Team Explorer - ENU
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.14.1
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8C62A94B-4AB6-485F-A111-93056684D340}" = SQLXML4
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
"{E69974C9-ECDC-4B02-97EB-FB1CE638CECB}" = Web Deployment Tool
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2008 Team Explorer - ENU" = Microsoft Visual Studio 2008 Team Explorer - ENU
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Trillian" = Trillian
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 6:25:27 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 7:01:01 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 7:51:45 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

[ System Events ]
Error - 12/17/2009 6:38:30 PM | Computer Name = noob340 | Source = Service Control Manager | ID = 7034
Description = The IIS Admin service terminated unexpectedly. It has done this 1
time(s).

Error - 12/17/2009 6:38:30 PM | Computer Name = noob340 | Source = Service Control Manager | ID = 7034
Description = The Simple Mail Transfer Protocol (SMTP) service terminated unexpectedly.
It has done this 1 time(s).

Error - 12/17/2009 6:38:30 PM | Computer Name = noob340 | Source = Service Control Manager | ID = 7034
Description = The World Wide Web Publishing service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/17/2009 6:43:22 PM | Computer Name = noob340 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/17/2009 6:43:22 PM | Computer Name = noob340 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/17/2009 6:53:25 PM | Computer Name = noob340 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 12/17/2009 6:53:25 PM | Computer Name = noob340 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/17/2009 6:53:25 PM | Computer Name = noob340 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/17/2009 7:36:35 PM | Computer Name = noob340 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/17/2009 7:36:37 PM | Computer Name = noob340 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

Edited by noob340, 17 December 2009 - 06:06 PM.

  • 0

#4
Rorschach112 (Ralphie)
  • Retired Staff
  • 47,710 posts
hi


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\STUFF\UTILITIES\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
    O33 - MountPoints2\{71138eb5-0a7c-11dd-bd8b-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{71138eb5-0a7c-11dd-bd8b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa730316-bddc-11de-a2f6-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe -- File not found
    O33 - MountPoints2\{fdb94e01-0818-11dd-aea4-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{fdb94e01-0818-11dd-aea4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    :Files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
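The fix in #4 hinges on one observation from the log in #3: Symantec detected Backdoor.Tidserv in atapi.sys but could neither clean nor quarantine it ("Access denied"), which is what a kernel rootkit guarding its host driver looks like, so the fix swaps the driver for the clean copy in ServicePackFiles\i386 at reboot. The script below is an added example for this thread, not code from the original posts, from Symantec or from OTL. It pulls the flagged paths out of the "Virus Found" entries, hashes each flagged driver against its ServicePackFiles copy, and lists stray *.tmp files in the drivers directory. Two caveats: a kernel-mode rootkit that hooks the disk stack can hand the original bytes to any in-system reader, so run the hash comparison from offline media or use it to confirm the replacement after the reboot; and the O27 IFEO Debugger value for taskmgr.exe that the fix also removes is what Process Explorer's "Replace Task Manager" option writes, although IFEO Debugger values are a standard hijack technique and are worth listing in any audit. The sample log and the files under build_sample_layout() are constructed for the demo, not taken from the infected machine.

```python
"""Driver-integrity audit for a Tidserv/TDSS-style infection.

Added example for this thread; not code from the original posts, from
Symantec or from OTL. It automates the checks behind the OTL fix in #4:

  1. parse_av_events()  pulls file paths out of the Symantec "Virus Found"
                        entries whose clean/quarantine failed,
  2. compare_drivers()  hashes each driver in system32\\drivers against the
                        copy in ServicePackFiles\\i386 (the source that the
                        OTL /replace directive uses),
  3. find_tmp_files()   lists stray *.tmp files in the drivers directory.

Directories are parameters so the same code runs against an offline copy of
the volume. build_sample_layout() fabricates a miniature layout (constructed
data, not files from the infected machine) so the script runs anywhere.
"""
import hashlib
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# Constructed from the entries in post #3; the forum wraps entries over
# several lines, which is why parse_av_events() flattens whitespace.
SAMPLE_AV_LOG = r"""
Error - 12/17/2009 6:25:26 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

Error - 12/17/2009 7:01:01 PM | Computer Name = noob340 | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\WINDOWS\system32\drivers\atapi.sys.tmp
by: Realtime Protection scan. Action: Clean failed : Quarantine failed : Access
denied

[ System Events ]
Error - 12/17/2009 6:38:30 PM | Computer Name = noob340 | Source = Service Control Manager | ID = 7034
Description = The IIS Admin service terminated unexpectedly. It has done this 1
time(s).
"""

_DETECTION = re.compile(r"Virus name: (\S+) in File: (.+?) by: .*?Action: (.*)$")


def parse_av_events(text: str) -> Dict[str, str]:
    """Map each detected file to 'threat: action' when remediation failed.

    A boot-start driver the AV can neither clean nor quarantine ('Access
    denied') is the signature of a rootkit guarding its host file.
    """
    failed = {}
    for entry in re.split(r"\n\s*\n", text):
        flat = " ".join(entry.split())          # undo the log's line wrapping
        m = _DETECTION.search(flat)
        if m and "failed" in m.group(3).lower():
            failed[m.group(2)] = f"{m.group(1)}: {m.group(3)}"
    return failed


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(drivers_dir: str, reference_dir: str,
                    names: List[str]) -> Dict[str, str]:
    """Verdict per driver: 'match', 'MODIFIED', 'driver missing' or 'no reference copy'."""
    verdicts = {}
    for name in names:
        live, ref = os.path.join(drivers_dir, name), os.path.join(reference_dir, name)
        if not os.path.isfile(live):
            verdicts[name] = "driver missing"
        elif not os.path.isfile(ref):
            verdicts[name] = "no reference copy"
        else:
            verdicts[name] = "match" if sha256_of(live) == sha256_of(ref) else "MODIFIED"
    return verdicts


def find_tmp_files(drivers_dir: str) -> List[str]:
    """Stray *.tmp files next to the drivers (OTL reported one in #3)."""
    return sorted(f for f in os.listdir(drivers_dir) if f.lower().endswith(".tmp"))


def audit(av_log: str, drivers_dir: str, reference_dir: str) -> Dict[str, object]:
    """Run all three checks; the drivers to hash come from the AV detections."""
    flagged = parse_av_events(av_log)
    names = sorted({os.path.basename(p.replace("\\", "/")) for p in flagged
                    if not p.lower().endswith(".tmp")})
    return {
        "av_failed": flagged,
        "drivers": compare_drivers(drivers_dir, reference_dir, names),
        "tmp_files": find_tmp_files(drivers_dir),
    }


def build_sample_layout(root: Optional[str] = None) -> Tuple[str, str]:
    """Fabricate drivers/ and ServicePackFiles/i386/ with constructed bytes:
    atapi.sys carries an appended patch, disk.sys is untouched and an
    atapi.sys.tmp is left behind, mirroring the thread's symptoms."""
    root = root or tempfile.mkdtemp(prefix="tidserv-audit-")
    drivers = os.path.join(root, "drivers")
    ref = os.path.join(root, "ServicePackFiles", "i386")
    os.makedirs(drivers, exist_ok=True)
    os.makedirs(ref, exist_ok=True)
    clean_atapi = b"MZ" + b"\x00" * 62 + b"clean atapi.sys image"
    clean_disk = b"MZ" + b"\x00" * 62 + b"clean disk.sys image"
    for d in (drivers, ref):
        with open(os.path.join(d, "disk.sys"), "wb") as fh:
            fh.write(clean_disk)
    with open(os.path.join(ref, "atapi.sys"), "wb") as fh:
        fh.write(clean_atapi)
    with open(os.path.join(drivers, "atapi.sys"), "wb") as fh:
        fh.write(clean_atapi + b"\x90" * 16 + b"injected loader stub")
    with open(os.path.join(drivers, "atapi.sys.tmp"), "wb") as fh:
        fh.write(clean_atapi)
    return drivers, ref


if __name__ == "__main__":
    drivers_dir, reference_dir = build_sample_layout()
    for section, result in audit(SAMPLE_AV_LOG, drivers_dir, reference_dir).items():
        print(f"{section}: {result}")
```

On a real XP box the call would be `audit(open(r"OTL.txt").read(), r"C:\WINDOWS\system32\drivers", r"C:\WINDOWS\ServicePackFiles\i386")`; a "MODIFIED" verdict for atapi.sys confirms the infection the AV could not remove, and a "match" after the OTL reboot confirms the replacement took.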

#5
noob340 (New Member)
  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 12/17/2009 4:18:49 PM - Run 2
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\noob340\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 44.45 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.31 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive T: | 3007.30 Gb Total Space | 2326.48 Gb Free Space | 77.36% Space Free | Partition Type: NTFS

Computer Name: noob340
Current User Name: noob340
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
PRC - [2009/12/09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/12/03 17:42:08 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/12/03 17:42:08 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/09/01 00:00:00 | 01,873,272 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2008/10/13 11:25:02 | 12,310,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/23 15:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/30 13:58:20 | 00,917,504 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/01 13:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/10/12 21:27:40 | 00,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2006/10/12 21:27:20 | 00,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2006/07/10 10:53:08 | 00,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2005/09/23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
PRC - [2003/05/21 01:21:18 | 00,090,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe


========== Modules (SafeList) ==========

MOD - [2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
MOD - [2006/10/12 21:26:26 | 00,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2005/06/10 12:30:56 | 00,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll


========== Win32 Services (SafeList) ==========

SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/02/10 05:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 05:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/01/30 13:58:20 | 00,917,504 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/16 21:01:12 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/06/13 16:39:58 | 00,364,544 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\WINDOWS\SMINST\PCAngel.exe -- (PCA)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2006/02/27 23:00:00 | 00,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2005/10/14 02:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2003/05/21 01:27:46 | 00,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1259887812014 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} https://gf.custhelp..../RNTProcMan.cab (RNTProcessManager Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.11 192.168.200.36 172.16.2.11 172.16.2.10 172.16.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gfhome.gf.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/17 14:52:55 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/12/17 14:38:30 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/17 14:23:50 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
[2009/12/17 14:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Help
[2009/12/17 14:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Help
[2009/12/17 12:35:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Malwarebytes
[2009/12/17 12:35:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/17 12:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/17 12:35:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/17 12:35:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 13:48:11 | 00,000,000 | ---D | C] -- C:\Program Files\Ektron
[2009/12/15 13:37:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\JetBrains
[2009/12/15 13:37:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\JetBrains
[2009/12/15 13:35:16 | 00,000,000 | ---D | C] -- C:\Program Files\JetBrains
[2009/12/15 13:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Desktop\Ponged Push
[2009/12/11 10:32:36 | 00,000,000 | ---D | C] -- C:\Program Files\IIS
[2009/12/10 10:34:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\All Device Emulators
[2009/12/08 14:30:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\Shared Wallpapers
[2009/12/08 11:57:48 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/08 11:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/12/08 11:57:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Apple
[2009/12/08 11:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/08 11:57:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/08 11:57:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Apple Computer
[2009/12/04 17:40:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\AdobeUM
[2009/12/04 13:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Realtime Soft
[2009/12/04 13:57:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2009/12/04 13:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2009/12/04 13:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Realtime Soft
[2009/12/04 11:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/12/04 10:56:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\ASPNET
[2009/12/04 10:38:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Windows Search
[2009/12/04 10:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/12/04 10:36:06 | 00,000,000 | ---D | C] -- C:\Program Files\Helicon
[2009/12/04 10:17:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2009/12/04 10:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/04 10:06:25 | 00,000,000 | ---D | C] -- C:\Program Files\IIsAdmin.NET 1.1
[2009/12/03 17:58:12 | 00,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2009/12/03 17:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Emulator
[2009/12/03 17:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009/12/03 17:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/12/03 17:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/03 17:45:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/12/03 17:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Temp
[2009/12/03 17:42:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Google
[2009/12/03 17:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Deployment
[2009/12/03 17:40:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2009/12/03 17:37:26 | 00,000,000 | ---D | C] -- C:\Program Files\CE Remote Tools
[2009/12/03 17:36:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Web Designer Tools
[2009/12/03 17:30:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2009/12/03 17:29:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2009/12/03 17:27:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/03 17:23:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Logfiles
[2009/12/03 17:23:18 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/12/03 17:22:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Xenocode
[2009/12/03 17:12:04 | 00,000,000 | ---D | C] -- C:\Program Files\SQLXML 4.0
[2009/12/03 17:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2009/12/03 17:06:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/12/03 17:06:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/12/03 17:06:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/12/03 17:00:07 | 00,000,000 | ---D | C] -- C:\Stuff
[2009/12/03 16:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Symantec
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Macromedia
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\InstallShield
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Identities
[2009/12/03 16:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Adobe
[2009/12/03 16:54:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\noob340\Application Data\Microsoft
[2009/12/03 16:54:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\Application Data
[2009/12/03 16:54:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\Favorites
[2009/12/03 16:54:16 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\IETldCache
[2009/12/03 16:54:16 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\Cookies
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Windows Desktop Search
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\Sun
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\SampleView
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Application Data\OfficeUpdate12
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Desktop
[2009/12/03 16:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Adobe
[2009/12/03 16:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\ApplicationHistory
[2009/12/03 16:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\AOL
[2009/12/03 16:54:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Identities
[2009/12/03 16:54:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\SendTo
[2009/12/03 16:54:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\noob340\Recent
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Pictures
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents\My Music
[2009/12/03 16:54:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\My Documents
[2009/12/03 16:54:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\PrivacIE
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\PrintHood
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\NetHood
[2009/12/03 16:54:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\Local Settings
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Seven Zip
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Microsoft Help
[2009/12/03 16:54:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\noob340\Local Settings\Application Data\Microsoft
[2009/12/03 16:54:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\noob340\Start Menu
[2009/12/03 16:54:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\noob340\UserData
[2009/12/03 16:54:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\noob340\Templates
[2009/12/03 16:51:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2009/12/03 16:50:03 | 00,083,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/03 16:50:03 | 00,073,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/03 16:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec_Client_Security
[2009/12/03 16:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2008/10/06 17:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/20 01:52:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/20 01:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/17 16:21:01 | 00,690,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/17 16:21:01 | 00,562,606 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/17 16:21:01 | 00,114,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/17 16:16:55 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/17 16:16:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/17 16:16:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/17 16:15:54 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\noob340\NTUSER.DAT
[2009/12/17 16:15:54 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\noob340\ntuser.ini
[2009/12/17 16:15:46 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/17 15:47:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823UA.job
[2009/12/17 15:36:35 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\IconCache.db
[2009/12/17 14:23:50 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\noob340\Desktop\OTL.exe
[2009/12/17 12:58:53 | 00,057,992 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 12:38:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2009/12/17 11:56:22 | 00,001,860 | -H-- | M] () -- C:\Documents and Settings\noob340\My Documents\Default.rdp
[2009/12/16 17:47:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823Core.job
[2009/12/16 13:17:31 | 00,000,454 | RHS- | M] () -- C:\Documents and Settings\noob340\ntuser.pol
[2009/12/15 13:09:16 | 00,002,277 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\IIsAdmin.NET 1.1.lnk
[2009/12/10 13:04:32 | 00,000,166 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\GFM Prod Maintenence Mode.bat
[2009/12/09 09:23:19 | 00,000,046 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url
[2009/12/09 03:02:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 09:31:28 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk
[2009/12/04 11:55:41 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk
[2009/12/04 11:20:29 | 00,000,016 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/12/04 10:34:16 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\noob340\My Documents\My Computer.lnk
[2009/12/04 09:50:35 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 18:49:43 | 00,275,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 18:30:00 | 00,000,520 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/12/03 17:48:17 | 00,071,368 | ---- | M] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/03 17:32:00 | 00,001,649 | ---- | M] () -- C:\Documents and Settings\noob340\Desktop\Internet Information Services.lnk
[2009/12/03 16:49:29 | 00,124,167 | ---- | M] () -- C:\WINDOWS\System32\SYMEVNT.386
[2009/12/03 16:49:29 | 00,083,208 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/03 16:49:29 | 00,073,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/03 16:48:33 | 00,002,904 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/17 12:58:53 | 00,057,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/17 12:38:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/12/16 11:11:54 | 00,018,747 | ---- | C] () -- C:\WINDOWS\System32\HPCEAC06.HPI
[2009/12/10 11:38:13 | 00,000,166 | ---- | C] () -- C:\Documents and Settings\noob340\Desktop\GFM Prod Maintenence Mode.bat
[2009/12/09 09:23:19 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url
[2009/12/08 09:31:28 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk
[2009/12/04 11:56:38 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk
[2009/12/04 11:20:29 | 00,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/12/04 10:34:16 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\noob340\My Documents\My Computer.lnk
[2009/12/04 09:50:35 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\noob340\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 17:42:16 | 00,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823UA.job
[2009/12/03 17:42:13 | 00,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1518961344-1185037322-829504276-1823Core.job
[2009/12/03 17:29:40 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/12/03 17:29:40 | 00,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2009/12/03 17:29:39 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/12/03 17:29:39 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2009/12/03 17:29:16 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/12/03 17:29:16 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/12/03 17:29:16 | 00,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2009/12/03 17:29:15 | 00,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2009/12/03 17:29:14 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/12/03 17:29:14 | 00,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2009/12/03 16:54:31 | 00,000,454 | RHS- | C] () -- C:\Documents and Settings\noob340\ntuser.pol
[2009/12/03 16:54:11 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\noob340\ntuser.ini
[2009/12/03 16:54:09 | 02,883,584 | -H-- | C] () -- C:\Documents and Settings\noob340\NTUSER.DAT
[2009/12/03 16:50:03 | 00,124,167 | ---- | C] () -- C:\WINDOWS\System32\SYMEVNT.386
[2008/04/14 08:41:33 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/20 01:25:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/20 01:10:24 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/03/20 01:10:24 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/03/20 01:10:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/03/20 01:10:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/03/20 01:10:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/03/20 01:10:24 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2003/05/21 01:19:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/08 02:12:22 | 00,000,790 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2009/12/03 17:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2009/10/20 17:01:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/15 13:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\noob340\Application Data\JetBrains
[2008/12/22 15:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\noob340\Application Data\OfficeUpdate12
[2008/03/20 01:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\noob340\Application Data\SampleView
[2008/10/06 17:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\noob340\Application Data\Windows Desktop Search
[2009/12/04 10:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\noob340\Application Data\Windows Search

========== Purity Check ==========


< End of report >

#6 Rorschach112 (Retired Staff)
hi

Download ComboFix from one of these locations:

Link 1


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#7 noob340 (Topic Starter)
ComboFix 09-12-17.01 - noob340 12/17/2009 17:07:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2235 [GMT -8:00]
Running from: c:\documents and settings\noob340\Desktop\KittyFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1003833170-1600302545-2440717531-500
c:\recycler\S-1-5-21-1125628721-630573163-632678243-500
c:\recycler\S-1-5-21-1693044899-2669353474-3392664815-500
c:\recycler\S-1-5-21-263268559-3488974603-552087275-500
c:\recycler\S-1-5-21-3270948392-3036356824-645937394-500
c:\recycler\S-1-5-21-3277581183-2724506324-4180414920-500
c:\recycler\S-1-5-21-3305473835-3502767125-2962516668-500
c:\windows\EventSystem.log
c:\windows\system32\Cache
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMAPISERVICE
-------\Service_ImapiService


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-17 22:38 . 2009-12-17 22:38 -------- d-----w- C:\_OTL
2009-12-17 22:10 . 2009-12-17 22:10 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Help
2009-12-17 20:58 . 2009-12-17 20:58 57992 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-17 20:35 . 2009-12-17 20:35 -------- d-----w- c:\documents and settings\noob340\Application Data\Malwarebytes
2009-12-17 20:35 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-17 20:35 . 2009-12-17 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-17 20:35 . 2009-12-17 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-17 20:35 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-16 21:48 . 2009-12-16 21:48 -------- d-----w- c:\program files\Ektron
2009-12-15 21:37 . 2009-12-15 21:37 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\JetBrains
2009-12-15 21:37 . 2009-12-15 21:37 -------- d-----w- c:\documents and settings\noob340\Application Data\JetBrains
2009-12-15 21:35 . 2009-12-15 21:35 -------- d-----w- c:\program files\JetBrains
2009-12-12 05:16 . 2009-12-12 05:16 84912 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVENG.SYS
2009-12-12 05:16 . 2009-12-12 05:16 371248 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\EECTRL.SYS
2009-12-12 05:16 . 2009-12-12 05:16 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\CCERASER.DLL
2009-12-12 05:16 . 2009-12-12 05:16 259440 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\ECMSVR32.DLL
2009-12-12 05:16 . 2009-12-12 05:16 177520 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVENG32.DLL
2009-12-12 05:16 . 2009-12-12 05:16 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVEX32A.DLL
2009-12-12 05:16 . 2009-12-12 05:16 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\NAVEX15.SYS
2009-12-12 05:16 . 2009-12-12 05:16 102448 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2f1602.vdb\ERASER.SYS
2009-12-11 18:32 . 2009-12-11 18:32 -------- d-----w- c:\program files\IIS
2009-12-08 19:57 . 2009-12-08 19:58 -------- d-----w- c:\program files\QuickTime
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Apple
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\program files\Apple Software Update
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-08 19:57 . 2009-12-08 19:57 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Apple Computer
2009-12-05 01:40 . 2009-12-05 01:40 -------- d-----w- c:\documents and settings\noob340\Application Data\AdobeUM
2009-12-04 21:57 . 2009-12-04 21:57 -------- d-----w- c:\documents and settings\noob340\Application Data\Realtime Soft
2009-12-04 21:57 . 2009-12-04 21:57 -------- d-----w- c:\program files\Common Files\Realtime Soft
2009-12-04 21:57 . 2009-12-04 21:57 -------- d-----w- c:\program files\UltraMon
2009-12-04 21:57 . 2009-12-04 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2009-12-04 19:20 . 2009-12-05 02:30 -------- d-----w- c:\program files\Trillian
2009-12-04 18:38 . 2009-12-04 18:38 -------- d-----w- c:\documents and settings\noob340\Application Data\Windows Search
2009-12-04 18:37 . 2009-12-04 18:37 -------- d-----w- c:\program files\Google
2009-12-04 18:36 . 2009-12-04 18:36 -------- d-----w- c:\program files\Helicon
2009-12-04 18:17 . 2009-12-04 18:17 -------- d-----w- c:\program files\Microsoft ASP.NET
2009-12-04 18:17 . 2009-12-09 19:27 -------- d-----w- c:\program files\Microsoft
2009-12-04 18:06 . 2009-12-04 18:06 -------- d-----w- c:\program files\IIsAdmin.NET 1.1
2009-12-04 01:58 . 2009-12-04 01:58 -------- d-----w- c:\program files\Business Objects
2009-12-04 01:53 . 2009-12-04 01:53 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-12-04 01:52 . 2009-12-04 01:53 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-12-04 01:51 . 2009-12-04 01:51 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-12-04 01:51 . 2009-12-04 01:51 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-04 01:48 . 2009-12-04 02:26 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-12-04 01:48 . 2009-12-15 21:35 18848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-12-04 01:45 . 2009-12-04 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-12-04 01:42 . 2009-12-16 13:42 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Temp
2009-12-04 01:42 . 2009-12-04 18:37 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Google
2009-12-04 01:41 . 2009-12-04 01:42 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Deployment
2009-12-04 01:40 . 2009-12-04 01:40 -------- d-----w- c:\windows\symbols
2009-12-04 01:37 . 2009-12-04 02:27 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-12-04 01:37 . 2009-12-04 01:41 -------- d-----w- c:\program files\HTML Help Workshop
2009-12-04 01:37 . 2009-12-04 01:37 -------- d-----w- c:\program files\Microsoft SDKs
2009-12-04 01:37 . 2009-12-04 01:37 -------- d-----w- c:\program files\CE Remote Tools
2009-12-04 01:36 . 2009-12-04 01:36 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-12-04 01:34 . 2009-12-04 02:26 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-12-04 01:30 . 2009-12-04 01:30 -------- d-----w- c:\windows\IIS Temporary Compressed Files
2009-12-04 01:23 . 2009-12-09 21:33 -------- d-----w- c:\windows\system32\Logfiles
2009-12-04 01:23 . 2009-12-04 01:30 -------- d-----w- C:\Inetpub
2009-12-04 01:22 . 2009-12-04 01:22 -------- d-----w- c:\documents and settings\noob340\Local Settings\Application Data\Xenocode
2009-12-04 01:12 . 2009-12-04 01:12 -------- d-----w- c:\program files\SQLXML 4.0
2009-12-04 01:11 . 2009-12-04 01:11 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-12-04 01:06 . 2009-12-04 01:45 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-12-04 01:06 . 2009-12-04 01:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-04 01:06 . 2009-12-04 01:06 -------- d--h--w- c:\windows\PIF
2009-12-04 01:00 . 2009-12-04 02:28 -------- d-----w- C:\Stuff
2009-12-04 00:51 . 2009-12-04 00:51 -------- d-----w- c:\windows\SchCache
2009-12-04 00:50 . 2009-12-04 00:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-12-04 00:50 . 2009-12-04 00:49 83208 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-04 00:50 . 2009-12-04 00:49 73496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-04 00:49 . 2009-12-04 00:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-04 00:49 . 2009-12-04 00:49 -------- d-----w- c:\program files\Symantec_Client_Security
2009-12-04 00:48 . 2009-12-04 00:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-03 23:42 . 2009-12-04 00:55 -------- d-----w- c:\temp\noob340
2009-12-03 23:42 . 2006-05-10 15:00 156160 ----a-w- c:\windows\system32\dllcache\b57xp32.sys
2009-12-03 23:42 . 2006-05-10 15:00 156160 ----a-r- c:\windows\system32\drivers\b57xp32.sys
2009-12-03 23:39 . 2009-12-03 23:39 -------- d-----w- C:\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 20:21 . 2004-08-04 00:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys.tmp
2009-12-04 02:26 . 2008-03-20 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 02:14 . 2008-03-20 09:15 71808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 01:55 . 2008-03-20 09:15 -------- d-----w- c:\program files\Microsoft SQL Server
2009-12-04 01:50 . 2008-04-14 16:40 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 01:48 . 2009-12-04 00:54 71368 ----a-w- c:\documents and settings\noob340\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 01:40 . 2009-10-21 01:13 -------- d-----w- c:\program files\MSBuild
2009-12-04 01:04 . 2008-04-14 16:52 -------- d-----w- c:\program files\Common Files\AOL
2009-12-04 00:50 . 2008-04-14 17:36 -------- d-----w- c:\program files\Symantec
2009-12-03 23:39 . 2009-10-21 01:05 -------- d-----w- c:\program files\Analog Devices
2009-10-29 07:45 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 02:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 02:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 01:24 . 2008-10-07 01:07 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-21 01:13 . 2009-10-21 01:13 -------- d-----w- c:\program files\Reference Assemblies
2009-10-21 01:01 . 2008-04-14 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-20 16:20 . 2006-02-28 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 02:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-02-28 02:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-02-28 02:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-08 22:57 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 22:57 . 2006-02-28 02:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 22:56 . 2006-02-28 02:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-04 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1518961344-1185037322-829504276-1823\Scripts\Logon\0\0]
"Script"=\\gfhome.gf.com\SysVol\gfhome.gf.com\scripts\mapdrives.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 12:13 PM 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} - hxxps://gf.custhelp.com:/rnt/rnw/client_files/RNTProcMan.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 17:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2788)
c:\windows\system32\WININET.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\documents and settings\noob340\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\program files\Trillian\trillian.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Microsoft Office\OFFICE11\WINWORD.EXE
c:\program files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2009-12-17 17:32:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 01:32

Pre-Run: 47,617,437,696 bytes free
Post-Run: 47,460,077,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8A31D42B6A0A7CFDC64DAA7133F17849

#8 Rorschach112 (Retired Staff)
hi

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\drivers\atapi.sys.tmp
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Open OTL, click the None button, and paste this in the custom scan box:

/md5start
atapi.sys
/md5stop

Click Run Scan and post that log.
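Both checks requested above (a multi-engine scan of the suspect copy, then an MD5 of the live atapi.sys) come down to comparing the driver's hash against a reference. The Python below is an added example, not code from this thread, from OTL or from ComboFix: it hashes a live driver and its Windows File Protection cache copy (%SystemRoot%\system32\dllcache on XP), flags the "same size, different bytes" pattern that an in-place patch of a legitimate driver leaves behind (the pattern generic names like TR/Patched.Gen describe), and checks the hash against a known-bad list. The sample driver images, the temp-directory layout and the function names are constructed for the demo; the one real value is the MD5 that VirSCAN reports for this thread's atapi.sys.tmp later in the thread.

```python
"""Driver integrity triage: live driver vs. its dllcache copy vs. known-bad hashes.

Added example for this thread; not part of OTL, ComboFix or the original posts.
"""
import hashlib
import os
import tempfile

# MD5 that VirSCAN reports for the atapi.sys.tmp sample in this thread.
KNOWN_BAD_MD5 = {"8ad28e3ec64882c2efa75c4b3e7b0f5d"}


def file_digests(path, chunk=1 << 16):
    """Return (size, md5, sha1) of a file, streaming so large drivers stay cheap."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha1.hexdigest()


def triage_driver(live_path, cache_path, known_bad=KNOWN_BAD_MD5):
    """Compare a live driver against its Windows File Protection cache copy.

    Verdicts:
      known-bad : live MD5 is on the supplied bad-hash list
      patched   : same size as the cache copy but different bytes
                  (an in-place patch keeps the size, so size alone proves nothing)
      replaced  : different size and different bytes
      clean     : byte-identical to the cache copy
    """
    live_size, live_md5, live_sha1 = file_digests(live_path)
    cache_size, cache_md5, _ = file_digests(cache_path)
    if live_md5 in known_bad:
        verdict = "known-bad"
    elif live_md5 == cache_md5:
        verdict = "clean"
    elif live_size == cache_size:
        verdict = "patched"
    else:
        verdict = "replaced"
    return {"verdict": verdict, "size": live_size, "md5": live_md5, "sha1": live_sha1}


def fake_pe(seed, size=96512):
    """Constructed stand-in for a driver image: 'MZ' plus deterministic filler.

    96512 bytes matches the size VirSCAN reports for the sample; the content is made up.
    """
    body = hashlib.sha256(seed).digest()
    filler = (body * (size // len(body) + 1))[: size - 2]
    return b"MZ" + filler


def demo():
    """Write a clean, a patched and a resized copy to a temp dir and triage each."""
    clean = fake_pe(b"atapi.sys clean")
    patched = bytearray(clean)
    patched[0x400:0x410] = b"\x90" * 16            # same size, 16 bytes overwritten
    replaced = clean + b"\x00" * 512                # bigger file, obviously swapped
    samples = {"dllcache": clean, "clean": clean,
               "patched": bytes(patched), "replaced": replaced}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(tmp, name + ".sys")
            with open(paths[name], "wb") as fh:
                fh.write(data)
        for name in ("clean", "patched", "replaced"):
            results[name] = triage_driver(paths[name], paths["dllcache"])["verdict"]
        # A hash already reported as malicious wins over the size heuristic.
        bad_md5 = file_digests(paths["patched"])[1]
        results["known-bad"] = triage_driver(paths["patched"], paths["dllcache"],
                                             known_bad={bad_md5})["verdict"]
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} -> {verdict}")
```

Against a real box you would call triage_driver with C:\WINDOWS\system32\drivers\atapi.sys and C:\WINDOWS\system32\dllcache\atapi.sys. One caveat matters more than the code: a kernel-mode rootkit that sits in the disk stack can hand back the original bytes whenever the infected file is read on the running system, so a clean hash taken from a live boot proves little. Take the hashes from the Recovery Console that ComboFix installs, or from the disk attached to a clean machine, and hash the dllcache copy as well, since it can be overwritten too.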

#9 noob340 (Topic Starter)
Good morning - thanks for all your help so far.

Here are the results from the VirSCAN:

VirSCAN.org Scanned Report :
Scanned time : 2009/12/18 09:55:06 (PST)
Scanner results: 27% Scanner(s) (10/37) found malware!
File Name : atapi.sys.tmp
File Size : 96512 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 8ad28e3ec64882c2efa75c4b3e7b0f5d
SHA1 : f15d01435f3022f26d7c71222a4cef2b9d1ed549
Online report : http://virscan.org/r...67a9b2bf97.html

Scanner     | Engine Ver      | Sig Ver          | Sig Date   | Time | Scan result
------------+-----------------+------------------+------------+------+------------------------------
a-squared   | 4.5.0.8         | 20091218180154   | 2009-12-18 | 0.08 | -
AhnLab V3   | 2009.12.18.02   | 2009.12.18       | 2009-12-18 | 0.08 | -
AntiVir     | 8.2.1.114       | 7.10.2.22        | 2009-12-18 | 0.06 | TR/Patched.Gen
Antiy       | 2.0.18          | 20091218.3500546 | 2009-12-18 | 0.12 | -
Arcavir     | 2009            | 200912181226     | 2009-12-18 | 0.04 | -
Authentium  | 5.1.1           | 200912181523     | 2009-12-18 | 1.45 | -
AVAST!      | 4.7.4           | 091218-0         | 2009-12-18 | 0.01 | Win32:Alureon-EU
AVG         | 8.5.288         | 270.14.113/2573  | 2009-12-18 | 0.33 | -
BitDefender | 7.81008.4743540 | 7.29506          | 2009-12-19 | 4.12 | -
CA (VET)    | 35.1.0          | 7181             | 2009-12-17 | 0.08 | -
ClamAV      | 0.95.2          | 10197            | 2009-12-18 | 0.02 | -
Comodo      | 3.13            | 3287             | 2009-12-18 | 0.08 | -
CP Secure   | 1.3.0.5         | 2009.12.18       | 2009-12-18 | 0.07 | -
Dr.Web      | 4.44.0.9170     | 2009.12.18       | 2009-12-18 | 7.79 | BackDoor.Tdss.1365
F-Prot      | 4.4.4.56        | 20091218         | 2009-12-18 | 1.42 | -
F-Secure    | 7.02.73807      | 2009.12.18.05    | 2009-12-18 | 9.40 | Rootkit:W32/TDSS.gen!D [FSE]
Fortinet    | 11.288-         | 11.288           | 2009-12-18 | 0.09 | -
GData       | 19.9394/19.631  | 20091218         | 2009-12-18 | 0.08 | -
ViRobot     | 20091218        | 2009.12.18       | 2009-12-18 | 0.08 | -
Ikarus      | T3.1.01.79      | 2009.12.18.74794 | 2009-12-18 | 4.15 | Rootkit.Win32.TDSS
JiangMin    | 13.0.900        | 2009.12.18       | 2009-12-18 | 0.08 | -
Kaspersky   | 5.5.10          | 2009.12.18       | 2009-12-18 | 0.07 | Rootkit.Win32.TDSS.y
KingSoft    | 2009.2.5.15     | 2009.12.18.17    | 2009-12-18 | 0.08 | -
McAfee      | 5.3.00          | 5835             | 2009-12-17 | 3.38 | -
Microsoft   | 1.5302          | 2009.12.18       | 2009-12-18 | 0.08 | -
Norman      | 6.01.09         | 6.01.00          | 2009-12-18 | 4.01 | W32/tdss.drv.gen6
Panda       | 9.05.01         | 2009.12.18       | 2009-12-18 | 0.08 | -
Trend Micro | 9.000-1003      | 6.702.05         | 2009-12-18 | 0.03 | -
Quick Heal  | 10.00           | 2009.12.18       | 2009-12-18 | 0.08 | -
Rising      | 20.0            | 22.26.04.02      | 2009-12-18 | 0.08 | -
Sophos      | 3.03.0          | 4.49             | 2009-12-19 | 2.64 | Mal/TDSS-G
Sunbelt     | 3.9.2388.2      | 5568             | 2009-12-17 | 0.08 | -
Symantec    | 1.3.0.24        | 20091218.003     | 2009-12-18 | 0.05 | Backdoor.Tidserv!inf
nProtect    | 20091218.02     | 6640190          | 2009-12-18 | 0.08 | -
The Hacker  | 6.5.0.2         | v00098           | 2009-12-18 | 0.08 | -
VBA32       | 3.12.12.0       | 20091217.2116    | 2009-12-17 | 2.22 | Rootkit.Win32.TDSL
VirusBuster | 4.5.11.10       | 10.118.1/2016547 | 2009-12-18 | 2.42 | -

========================================================
and the OTL:

OTL logfile created on: 12/18/2009 10:03:39 AM - Run 4
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\noob340\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.52 Gb Total Space | 44.18 Gb Free Space | 68.47% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.31 Gb Free Space | 63.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3007.30 Gb Total Space | 2332.25 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 3007.30 Gb Total Space | 2332.25 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
Drive T: | 3007.30 Gb Total Space | 2332.25 Gb Free Space | 77.55% Space Free | Partition Type: NTFS

Computer Name: noob340
Current User Name: noob340
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/20 17:25:05 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\noob340\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Documents and Settings\noob340\Start Menu\Programs\Startup\Woot - One Day, One Deal (SM).url ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1259887812014 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} https://gf.custhelp..../RNTProcMan.cab (RNTProcessManager Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.11 192.168.200.36 172.16.2.11 172.16.2.10 172.16.3.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gfhome.gf.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
< End of report >
  • 0
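Added example, not from this thread and not part of OTL or OTM: a Python script that parses the "< MD5 for: >" section of an OTL report like the one above and flags a driver whose live copy in system32\drivers carries a hash none of the Windows File Protection copies (dllcache, ServicePackFiles) share. The sample input is constructed from the atapi.sys lines above, plus an invented second report with an all-zero placeholder hash standing in for a modified driver.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the OTL "< MD5 for: ATAPI.SYS >" block posted
# above. SAMPLE_CLEAN reuses the hashes from that report; SAMPLE_PATCHED is invented,
# with an all-zero placeholder hash standing in for a modified live driver.
SAMPLE_CLEAN = r"""< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
< End of report >"""

SAMPLE_PATCHED = r"""< MD5 for: ATAPI.SYS >
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>.+?) \| (?P<size>[\d,]+) \| [^\]]+\] \((?P<vendor>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$")

# The driver Windows actually loads, and the copies Windows File Protection keeps.
LIVE_DIR = r"\system32\drivers"
PROTECTED_DIRS = (r"\system32\dllcache", r"\servicepackfiles\i386")


def parse_md5_report(text):
    """Return {FILE NAME: [entry dicts]} for every '< MD5 for: >' section in an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def _parent_dir(path):
    return path.rsplit("\\", 1)[0].lower()


def assess_driver(entries):
    """Compare the live system32\\drivers copy against the protected copies.
    Returns (status, detail) with status one of
    'consistent', 'mismatch', 'unverifiable' or 'no-live-copy'."""
    live = [e for e in entries if _parent_dir(e["path"]).endswith(LIVE_DIR)]
    refs = {e["md5"] for e in entries if _parent_dir(e["path"]).endswith(PROTECTED_DIRS)}
    if not live:
        return "no-live-copy", "the report holds no copy under system32\\drivers"
    live = live[0]
    if not refs:
        return "unverifiable", "no dllcache or ServicePackFiles copy to compare against"
    if live["md5"] in refs:
        return "consistent", f"live MD5 {live['md5']} matches a protected copy"
    return "mismatch", (f"live MD5 {live['md5']} (vendor: '{live['vendor']}') differs "
                        f"from protected copies {sorted(refs)}")


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("patched", SAMPLE_PATCHED)):
        for name, entries in parse_md5_report(sample).items():
            status, detail = assess_driver(entries)
            print(f"{label}: {name}: {status} ({detail})")
```

In the report above every copy of atapi.sys carries the same MD5, so this check reports it consistent; a hash read on a machine where a kernel-mode rootkit is active is not conclusive, because the rootkit can hand clean file contents to user-mode readers while the driver on disk is modified.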

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\windows\system32\drivers\atapi.sys.tmp
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
