I'm attempting to clean a family member's computer and I usually have success by running Malwarebytes and Superantispyware, but this computer has a number of issues.
I went through the recommended steps. Malwarebytes does not run, it crashes after hitting Quick Scan. Other issues include the Google redirects and nonfunctional antivirus software. In addition, their hard drive is jam packed and I'm having trouble accounting for where all the hard drive usage is. There's no music or videos, few photos, and few programs installed.
Here are the requested logs.
ROOTREPEAL:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/19 19:51
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEB86A000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AC9000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9C6C000 Size: 49152 File Visible: No Signed: -
Status: -
Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF8907000 Size: 20480 File Visible: No Signed: -
Status: -
Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xEBAE6000 Size: 61440 File Visible: No Signed: -
Status: -
==EOF==
OTL
OTL logfile created on: 10/19/2009 7:52:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Dan.HOME\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: | Country: | Language: | Date Format:
509.98 Mb Total Physical Memory | 293.95 Mb Available Physical Memory | 57.64% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 80.96% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.81 Gb Total Space | 0.04 Gb Free Space | 0.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.55 Gb Total Space | 7.43 Gb Free Space | 98.38% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME
Current User Name: Dan
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/10/19 13:37:34 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan.HOME\Desktop\OTL.exe
PRC - [2009/08/27 01:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/04 17:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
PRC - [2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (McSysmon [On_Demand | Running])
SRV - File not found -- -- (McProxy [Auto | Running])
SRV - File not found -- -- (McODS [On_Demand | Stopped])
SRV - File not found -- -- (McNASvc [Auto | Running])
SRV - File not found -- -- (mcmscsvc [Auto | Running])
SRV - File not found -- -- (AOL ACS [Auto | Running])
SRV - [2009/09/23 16:36:06 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Auto | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
SRV - [2004/08/04 06:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2003/12/17 14:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2003/08/27 10:29:46 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/16 00:26:58 | 00,000,000 | ---D | M]
[2005/05/26 16:15:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/06/18 13:38:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/11/03 20:49:47 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/11/03 20:49:47 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/11/03 20:49:47 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/11/03 20:49:47 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/11/03 20:49:47 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/11/03 20:49:48 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2006/11/03 20:49:48 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/11/09 16:20:40 | 02,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2004/01/13 22:09:25 | 00,176,176 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126654479\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: W32Time - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/10/18 15:32:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/18 16:55:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/10/18 15:23:27 | 00,000,000 | -H-D | C] -- \BJPrinter
[2009/10/17 10:42:02 | 00,000,000 | ---D | C] -- \TEMP
[2009/10/19 19:19:53 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dan.HOME\Local Settings\Application Data
[2009/10/19 19:19:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dan.HOME\Local Settings\Application Data\Microsoft
[2009/10/19 19:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 16:06:43 | 00,000,000 | ---D | C] -- C:\Program Files\mmmbytesanti2009
[2009/10/18 16:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/10/19 19:46:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 19:46:18 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/18 15:23:27 | 00,000,000 | -H-D | C] -- C:\BJPrinter
[2009/10/17 10:42:02 | 00,000,000 | ---D | C] -- C:\TEMP
========== Files - Modified Within 14 Days ==========
[2009/10/19 19:46:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 19:41:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/19 19:37:09 | 00,005,489 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/19 19:34:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/19 19:34:56 | 53,482,7008 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/18 18:28:45 | 00,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/18 18:25:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/10/18 18:25:32 | 00,000,211 | -HS- | M] () -- C:\BOOT.INI
[2009/10/18 18:25:32 | 00,000,104 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/10/18 16:55:48 | 00,000,191 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/17 03:03:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== Files - No Company Name ==========
[2009/10/19 19:51:39 | 00,001,986 | ---- | C] () -- \RootRepeal report 10-19-09 (19-51-39).txt
[2009/10/19 19:46:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/18 15:59:56 | 53,482,7008 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/18 15:59:56 | 53,482,7008 | -HS- | C] () -- \hiberfil.sys
[2008/11/24 17:05:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Podcasting
[2008/11/24 17:05:00 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ
[2008/07/15 19:24:51 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2007/02/22 22:22:46 | 01,313,180 | ---- | C] () -- \VETlog.txt
[2007/02/22 22:22:44 | 00,087,573 | ---- | C] () -- \VETlog.dmp
[2007/02/17 00:06:44 | 00,003,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/10 17:44:00 | 00,008,214 | ---- | C] () -- \backgroundb.bmp
[2006/01/02 12:12:21 | 00,015,747 | ---- | C] () -- \install.log
[2006/01/02 12:11:02 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/09 15:52:34 | 00,004,664 | ---- | C] () -- \logo.bmp
[2005/12/09 15:52:34 | 00,000,824 | ---- | C] () -- \highlight.bmp
[2005/12/06 08:51:02 | 00,010,920 | ---- | C] () -- \aolconnfix.exe
[2005/12/06 08:51:02 | 00,001,039 | ---- | C] () -- \aolconnfix.txt
[2005/11/24 15:48:04 | 00,006,922 | ---- | C] () -- \background.bmp
[2005/11/10 21:07:00 | 00,000,824 | ---- | C] () -- \search013.bmp
[2005/11/10 21:07:00 | 00,000,824 | ---- | C] () -- \search.bmp
[2005/11/10 21:07:00 | 00,000,824 | ---- | C] () -- \popupblocker004.bmp
[2005/11/10 21:07:00 | 00,000,824 | ---- | C] () -- \popupblocker003.bmp
[2005/10/27 20:37:43 | 00,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/05 12:28:59 | 00,001,192 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/06/23 17:41:59 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/23 17:13:34 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005/05/19 12:00:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/19 11:51:38 | 00,000,191 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/19 11:49:52 | 00,000,087 | ---- | C] () -- \SystemInfo.ini
[2005/05/19 11:27:43 | 80,530,6368 | -HS- | C] () -- \pagefile.sys
[2005/05/19 11:18:02 | 00,000,211 | -HS- | C] () -- \BOOT.INI
[2005/05/19 11:17:58 | 00,005,117 | RH-- | C] () -- \DELL.SDR
[2005/05/19 11:09:52 | 00,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:14:36 | 00,004,128 | ---- | C] () -- \INFCACHE.1
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,104 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 14:04:08 | 00,000,000 | -H-- | C] () -- \MSDOS.SYS
[2004/08/10 14:04:08 | 00,000,000 | -H-- | C] () -- \IO.SYS
[2004/08/10 14:04:08 | 00,000,000 | ---- | C] () -- \CONFIG.SYS
[2004/08/10 14:04:08 | 00,000,000 | ---- | C] () -- \AUTOEXEC.BAT
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 06:00:00 | 00,250,032 | RHS- | C] () -- \NTLDR
[2004/08/04 06:00:00 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\eventlog.dll
[2004/08/04 06:00:00 | 00,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
========== LOP Check ==========
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/08/15 01:00:00 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/07/01 01:00:00 | 00,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/19 19:32:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/18 18:28:45 | 00,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2005/12/06 08:51:02 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
< %systemroot%\system32\eventlog.dll >
[2004/08/04 06:00:00 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\SCECLI.DLL
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
< End of report >
Edited by invisible777, 19 October 2009 - 06:13 PM.