backdoor.Tidservlinf
Started by AlRussell, Jun 27 2010 04:25 PM
#31
Posted 07 July 2010 - 02:34 AM
#32
Posted 07 July 2010 - 02:50 AM
Hi, ... Total Virus report file attached. I saved a PDF version if desired. Let me know what you see as the next step, please. Thank you, AlRussell
Attached Files
#33
Posted 07 July 2010 - 12:52 PM
Hi AlRussell,
You must delete your copy of MBRCheck.exe.
Please download the new version from here: MBRCheck.exe.
- Run MBRCheck.exe
- Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
- Please push the 'Y' key and then press Enter
- When the program asks you to Enter your choice: enter 2 and press the Enter key
- Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
- Enter 0 and press the Enter key.
- The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
- The program will prompt for confirmation. Type 'YES' and hit Enter.
- Left click on the title bar (where program name and path is written).
- From the menu choose Edit -> Select All
- Hit the Enter key on your keyboard to copy selected text.
- Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
- Restart your PC.
- Post the text in "MBRCheck results.txt" here, please.
#34
Posted 08 July 2010 - 08:05 PM
Hi maliprog, as requested, here's the text from the latest run, from the file <MBRCheck results.txt>:
MBRCheck, version 1.0.2
© 2010, AD
\\.\C: --> \\.\PhysicalDrive0
\\.\F: --> \\.\PhysicalDrive1
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Black Internet)!
232 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Black Internet)!
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!
Done! Press ENTER to exit...
last entry, AlRussell
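MBRCheck's verdict above ("Known-bad MBR code detected") comes from reading sector 0 of each physical drive and comparing the boot-code bytes against signatures of known-good and known-bad loaders; the "Restore" option then overwrites that code region with a standard loader for the Windows version chosen. As an added example (not MBRCheck's code and not anything posted in this thread), the Python below performs the detection half of that on a 512-byte MBR image such as the C:\mbrdump.dmp that the OTL log later lists: it validates the 0x55AA boot signature, hashes the 440-byte code region, decodes the partition table and returns a verdict. The boot-code bytes, hash tables, disk signature and partition sizes are all constructed for the demo; a real deployment would seed KNOWN_GOOD from clean reference MBRs for each Windows version, much like the list MBRCheck offers in its menu.

```python
"""Inspect a 512-byte MBR image the way MBRCheck's 'MBR Status' column does.
Added example: not MBRCheck's source. Hash tables and sample boot code are
constructed for the demo and carry no real Windows or malware signatures."""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # code region ends at 0x1B8, where the disk signature starts
DISK_SIG_OFFSET = 440
PART_TABLE_OFFSET = 446   # 0x1BE: four 16-byte partition entries
BOOT_SIG_OFFSET = 510     # 0x1FE: must hold 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_ENTRY = "<B3xB3xII"


def boot_code_hash(sector):
    """SHA-256 of the executable boot-code region only (bytes 0..439)."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def disk_signature(sector):
    """The 32-bit NT disk signature stored at offset 0x1B8."""
    return struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]


def parse_partition_table(sector):
    """Decode the non-empty entries of the four-slot partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": count})
    return parts


def inspect_mbr(sector, known_good, known_bad):
    """Return a one-line verdict for a sector image, in the spirit of MBRCheck."""
    if len(sector) != MBR_SIZE:
        raise ValueError("expected a %d-byte sector image, got %d" % (MBR_SIZE, len(sector)))
    if sector[BOOT_SIG_OFFSET:] != b"\x55\xaa":
        return "invalid boot signature"
    digest = boot_code_hash(sector)
    if digest in known_bad:
        return "known-bad: " + known_bad[digest]
    if digest in known_good:
        return "known-good: " + known_good[digest]
    return "non-standard: unrecognised boot code"


def make_demo_sector(boot_code, signature, partitions):
    """Assemble a CONSTRUCTED MBR image for the demo (an in-memory object only)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, signature)
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[BOOT_SIG_OFFSET:] = b"\x55\xaa"
    return bytes(sector)


# Constructed demo boot code: a JMP stub followed by a label, NOT real loader code.
REFERENCE_BOOT_CODE = b"\xeb\x3c\x90DEMO-REFERENCE-BOOTCODE".ljust(BOOT_CODE_LEN, b"\x00")
TAMPERED_BOOT_CODE = b"\xeb\x3c\x90DEMO-TAMPERED-BOOTCODE".ljust(BOOT_CODE_LEN, b"\x00")
# One bootable NTFS-type (0x07) partition starting at LBA 63; the size is made up.
DEMO_PARTITIONS = [(True, 0x07, 63, 156_232_512)]

# In practice these tables are seeded from clean reference MBRs per Windows version.
KNOWN_GOOD = {boot_code_hash(REFERENCE_BOOT_CODE): "Demo reference (constructed)"}
KNOWN_BAD = {boot_code_hash(TAMPERED_BOOT_CODE): "Demo tampered (constructed)"}


def report(path):
    """Read an MBR dump file (e.g. mbrdump.dmp) and print an MBRCheck-style summary."""
    with open(path, "rb") as fh:
        sector = fh.read()
    verdict = inspect_mbr(sector, KNOWN_GOOD, KNOWN_BAD)
    print("%s: %s" % (path, verdict))
    print("  disk signature: 0x%08X" % disk_signature(sector))
    for p in parse_partition_table(sector):
        print("  partition %d: type 0x%02X, LBA %d, %d sectors%s" % (
            p["index"], p["type"], p["lba_start"], p["sectors"],
            ", bootable" if p["bootable"] else ""))
    return verdict


if __name__ == "__main__":
    sys.exit(0 if report(sys.argv[1]).startswith("known-good") else 1)
```

Run it as `python mbr_inspect.py mbrdump.dmp` against a saved dump. Taking that dump from a live disk needs administrator rights and a raw device handle (\\.\PhysicalDrive0 on Windows), and a bootkit that hooks disk I/O can hand a clean copy of sector 0 to such a read; when a dump taken from the running system disagrees with one taken after booting clean media, the offline one is the one to trust.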
#35
Posted 08 July 2010 - 11:09 PM
Hi AlRussell,
How is your system now? What kind of problems do you experience now?
Step 1
- Run OTL.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open a Notepad window, OTL.Txt. This file is saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
#36
Posted 09 July 2010 - 07:38 PM
Hi maliprog,
After running OTL, the results are listed below. The computer appears to run well and no particular glitches are noted at this time. What is next?
The OTL.txt file content is shown below:
OTL logfile created on: 7/9/2010 9:29:35 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2254 2254 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.97 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 82.90 Gb Total Space | 16.72 Gb Free Space | 20.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/06/10 13:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
PRC - [2004/01/15 20:33:44 | 000,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
========== Modules (SafeList) ==========
MOD - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2009/12/13 21:38:19 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/23 21:24:04 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\system32\drivers\NOF -- (NOF)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/01/18 08:02:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2003/03/31 08:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100708.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/14 05:21:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/13 21:38:52 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/13 21:38:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/13 21:38:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/13 21:38:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/12/13 21:38:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/12/13 21:38:51 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/12/13 21:38:51 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/12/13 21:38:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/12/13 21:38:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2008/05/16 17:18:16 | 000,023,552 | ---- | M] (Copyright © FineArt Technology Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FD.sys -- (FD)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2001/08/17 13:51:14 | 000,023,936 | ---- | M] (OMNIKEY AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sccmusbm.sys -- (OMNUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gideons.o...te/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 07:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.37\FFPlugin\
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Safety Minder BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\1.2.2.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://99.191.248.17/VatDec.cab (VatCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1220607666906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 15:55:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell - "" = AutoRun
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/05 11:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/05 10:54:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/05 09:45:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/30 08:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mainer
[2010/06/30 07:54:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/30 07:41:46 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Owner\Desktop\remover.exe
[2010/06/30 07:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2010/06/30 07:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2010/06/30 07:23:44 | 006,599,984 | ---- | C] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/28 09:54:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:32 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/27 14:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/27 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 14:02:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/24 04:06:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/14 04:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/14 03:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2010/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2010/05/14 03:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2010/05/14 03:48:11 | 000,000,000 | ---D | C] -- C:\Inetpub
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:27:46 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 21:24:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 21:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 23:01:37 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/08 23:01:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/08 23:01:23 | 004,830,744 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/08 21:53:22 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:29 | 000,040,956 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | M] () -- C:\test.docx
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\mbrdump.dmp
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\Copy of mbrdump.doc
[2010/07/05 17:06:42 | 000,078,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:58:28 | 000,498,903 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:35:49 | 1576,620,032 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/05 16:08:21 | 000,010,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 12:42:31 | 000,609,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 12:42:30 | 000,127,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 12:42:29 | 000,753,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 12:39:44 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/05 12:39:36 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 12:37:01 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 12:30:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 11:38:27 | 000,072,456 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/05 11:35:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/05 11:10:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/05 11:01:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/05 11:01:53 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/05 10:08:51 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/05 10:05:34 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:48:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/05 09:44:22 | 000,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 09:44:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 09:44:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 09:44:13 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:44:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/05 09:37:37 | 000,027,468 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/05 09:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:05 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 16:00:57 | 000,012,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:23:52 | 006,599,984 | ---- | M] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/30 07:18:16 | 000,012,175 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:53 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 15:11:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/28 10:33:33 | 000,293,376 | ---- | M] () -- C:\tx7ri023.exe
[2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/05/13 22:05:22 | 000,285,691 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\add-remove-checklist-mainer.docx
[2010/05/13 22:05:22 | 000,012,986 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\0905-52-HOUSE RULES.docx
[2010/05/13 21:30:14 | 000,285,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\add-remove-checklist.docx
[2010/05/13 21:30:14 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20010426-elmhurst-albright.doc
[2010/05/13 21:23:43 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mainer-11-04-06.doc
[2010/05/13 21:23:42 | 000,033,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NORTON360-12-13-09MAINER.docx
[2010/05/13 21:22:10 | 000,423,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\08JULY_EVMSslide-Input_EVMS_Trid Program Brief_final_2.ppt
[2010/05/13 21:22:10 | 000,230,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\091011alertmanualfixrequired.docx
[2010/05/13 21:22:10 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1040se_2008-0.xlsx
[2010/05/13 21:21:06 | 000,013,885 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Am I understanding these correctly.docx
[2010/05/13 21:21:06 | 000,010,445 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beginning today the internet connection is available in a limited time frame.docx
[2010/05/13 21:20:55 | 000,138,241 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc1.docx
[2010/05/13 21:20:55 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\currentSAR-sep2008_eng_slide_1.ppt
[2010/05/13 21:20:55 | 000,012,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc2.docx
[2010/05/13 21:20:46 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\EpsonC88.docx
[2010/05/13 21:20:42 | 000,725,882 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File0262.pdf
[2010/05/13 21:18:24 | 001,527,296 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsSAMPLE1.XLS
[2010/05/13 21:18:24 | 000,856,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsBLANK1.xls
[2010/05/13 21:18:19 | 000,119,639 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SE Surveillance PE&D-APP-C.pptx
[2010/05/13 21:14:32 | 000,010,401 | ---- | M] () -- C:\election10electoralvotesnov4.xlsx
[2010/05/13 21:14:32 | 000,010,372 | ---- | M] () -- C:\election10electoralvotes.xlsx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/08 21:53:22 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:28 | 000,040,956 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | C] () -- C:\test.docx
[2010/07/06 22:07:54 | 000,000,512 | ---- | C] () -- C:\Copy of mbrdump.doc
[2010/07/06 21:58:58 | 000,000,512 | ---- | C] () -- C:\mbrdump.dmp
[2010/07/05 17:06:42 | 000,078,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:57:20 | 000,498,903 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:08:20 | 000,010,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 09:46:32 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/05 09:46:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/05 09:45:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/05 09:45:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/05 09:45:52 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/05 09:45:43 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/05 09:45:39 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/05 09:45:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/05 09:44:17 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:44:13 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:40:05 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:36:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/07/05 09:36:35 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2010/07/05 09:36:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/07/05 09:36:34 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2010/07/05 09:36:31 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/07/05 09:36:30 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2010/07/05 09:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:15 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 09:22:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/05 09:22:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/05 09:22:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/05 09:22:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/05 09:22:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/05 09:22:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/05 05:13:20 | 1576,620,032 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/01 15:50:32 | 000,012,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:18:16 | 000,012,175 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:52 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 10:33:31 | 000,293,376 | ---- | C] () -- C:\tx7ri023.exe
[2010/06/09 21:48:02 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/05/14 03:49:42 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/05/14 03:49:42 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2010/05/14 03:49:41 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/05/14 03:49:41 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2010/05/14 03:48:47 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/05/14 03:48:47 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/05/14 03:48:46 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/05/14 03:48:46 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/05/14 03:48:46 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/05/14 03:48:46 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/05/14 03:48:46 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/05/14 03:48:46 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/05/14 03:48:45 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/05/14 03:48:45 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/05/14 03:48:45 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/05/14 03:48:45 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/05/14 03:48:45 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/05/14 03:48:45 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/05/14 03:48:45 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/05/14 03:48:45 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/05/14 03:48:44 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/05/14 03:48:44 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/05/14 03:48:44 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/05/14 03:48:44 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/21 14:20:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/05/16 17:18:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\pxdl.dll
[2008/05/16 17:18:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\keyword.dll
[2008/05/16 17:18:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ufdp.dll
[2008/05/16 17:18:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\FASRV.ini
[2008/05/16 17:18:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\swbn01.ini
[2008/03/15 11:00:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/15 11:00:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2008/03/15 10:59:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
========== LOP Check ==========
[2009/06/17 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2008/12/08 16:34:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/11/28 17:51:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/11/28 18:00:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/11/18 14:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/18 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/10/06 12:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/02/24 22:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/26 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/11/15 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/21 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/13 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/06/16 19:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/12 04:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/28 17:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/03/15 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/15 13:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2010/06/30 07:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2008/05/26 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PureEdge
[2008/03/15 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
========== Purity Check ==========
< End of report >
Last entry. AlRussell
After running OTL, the results are listed below. The computer appears to run well and no particular glitches are noted at this time. What is next?
The OTL.txt file content is shown below:
OTL logfile created on: 7/9/2010 9:29:35 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2254 2254 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.97 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 82.90 Gb Total Space | 16.72 Gb Free Space | 20.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAINER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/06/10 13:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
PRC - [2004/01/15 20:33:44 | 000,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
========== Modules (SafeList) ==========
MOD - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2009/12/13 21:38:19 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/06/23 21:24:04 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\system32\drivers\NOF -- (NOF)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/01/18 08:02:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2003/03/31 08:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
========== Driver Services (SafeList) ==========
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100708.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/14 05:21:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/13 21:38:52 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/13 21:38:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/13 21:38:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/13 21:38:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/12/13 21:38:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/12/13 21:38:51 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/12/13 21:38:51 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/12/13 21:38:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/12/13 21:38:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2008/05/16 17:18:16 | 000,023,552 | ---- | M] (Copyright © FineArt Technology Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FD.sys -- (FD)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2001/08/17 13:51:14 | 000,023,936 | ---- | M] (OMNIKEY AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sccmusbm.sys -- (OMNUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gideons.o...te/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 07:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.37\FFPlugin\
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Safety Minder BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\1.2.2.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://99.191.248.17/VatDec.cab (VatCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1220607666906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 15:55:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell - "" = AutoRun
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/05 11:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/05 10:54:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/05 09:45:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/30 08:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mainer
[2010/06/30 07:54:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/30 07:41:46 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Owner\Desktop\remover.exe
[2010/06/30 07:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2010/06/30 07:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2010/06/30 07:23:44 | 006,599,984 | ---- | C] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/28 09:54:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:32 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/27 14:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/27 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 14:02:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/24 04:06:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/14 04:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/14 03:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2010/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2010/05/14 03:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2010/05/14 03:48:11 | 000,000,000 | ---D | C] -- C:\Inetpub
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:27:46 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 21:24:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 21:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 23:01:37 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/08 23:01:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/08 23:01:23 | 004,830,744 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/08 21:53:22 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:29 | 000,040,956 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | M] () -- C:\test.docx
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\mbrdump.dmp
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\Copy of mbrdump.doc
[2010/07/05 17:06:42 | 000,078,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:58:28 | 000,498,903 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:35:49 | 1576,620,032 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/05 16:08:21 | 000,010,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 12:42:31 | 000,609,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 12:42:30 | 000,127,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 12:42:29 | 000,753,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 12:39:44 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/05 12:39:36 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 12:37:01 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 12:30:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 11:38:27 | 000,072,456 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/05 11:35:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/05 11:10:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/05 11:01:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/05 11:01:53 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/05 10:08:51 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/05 10:05:34 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:48:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/05 09:44:22 | 000,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 09:44:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 09:44:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 09:44:13 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:44:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/05 09:37:37 | 000,027,468 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/05 09:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:05 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 16:00:57 | 000,012,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:23:52 | 006,599,984 | ---- | M] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/30 07:18:16 | 000,012,175 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:53 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 15:11:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/28 10:33:33 | 000,293,376 | ---- | M] () -- C:\tx7ri023.exe
[2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/05/13 22:05:22 | 000,285,691 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\add-remove-checklist-mainer.docx
[2010/05/13 22:05:22 | 000,012,986 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\0905-52-HOUSE RULES.docx
[2010/05/13 21:30:14 | 000,285,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\add-remove-checklist.docx
[2010/05/13 21:30:14 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20010426-elmhurst-albright.doc
[2010/05/13 21:23:43 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mainer-11-04-06.doc
[2010/05/13 21:23:42 | 000,033,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NORTON360-12-13-09MAINER.docx
[2010/05/13 21:22:10 | 000,423,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\08JULY_EVMSslide-Input_EVMS_Trid Program Brief_final_2.ppt
[2010/05/13 21:22:10 | 000,230,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\091011alertmanualfixrequired.docx
[2010/05/13 21:22:10 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1040se_2008-0.xlsx
[2010/05/13 21:21:06 | 000,013,885 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Am I understanding these correctly.docx
[2010/05/13 21:21:06 | 000,010,445 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beginning today the internet connection is available in a limited time frame.docx
[2010/05/13 21:20:55 | 000,138,241 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc1.docx
[2010/05/13 21:20:55 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\currentSAR-sep2008_eng_slide_1.ppt
[2010/05/13 21:20:55 | 000,012,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc2.docx
[2010/05/13 21:20:46 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\EpsonC88.docx
[2010/05/13 21:20:42 | 000,725,882 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File0262.pdf
[2010/05/13 21:18:24 | 001,527,296 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsSAMPLE1.XLS
[2010/05/13 21:18:24 | 000,856,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsBLANK1.xls
[2010/05/13 21:18:19 | 000,119,639 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SE Surveillance PE&D-APP-C.pptx
[2010/05/13 21:14:32 | 000,010,401 | ---- | M] () -- C:\election10electoralvotesnov4.xlsx
[2010/05/13 21:14:32 | 000,010,372 | ---- | M] () -- C:\election10electoralvotes.xlsx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/08 21:53:22 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:28 | 000,040,956 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | C] () -- C:\test.docx
[2010/07/06 22:07:54 | 000,000,512 | ---- | C] () -- C:\Copy of mbrdump.doc
[2010/07/06 21:58:58 | 000,000,512 | ---- | C] () -- C:\mbrdump.dmp
[2010/07/05 17:06:42 | 000,078,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:57:20 | 000,498,903 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:08:20 | 000,010,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 09:46:32 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/05 09:46:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/05 09:45:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/05 09:45:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/05 09:45:52 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/05 09:45:43 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/05 09:45:39 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/05 09:45:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/05 09:44:17 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:44:13 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:40:05 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:36:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/07/05 09:36:35 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2010/07/05 09:36:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/07/05 09:36:34 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2010/07/05 09:36:31 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/07/05 09:36:30 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2010/07/05 09:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:15 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 09:22:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/05 09:22:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/05 09:22:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/05 09:22:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/05 09:22:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/05 09:22:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/05 05:13:20 | 1576,620,032 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/01 15:50:32 | 000,012,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:18:16 | 000,012,175 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:52 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 10:33:31 | 000,293,376 | ---- | C] () -- C:\tx7ri023.exe
[2010/06/09 21:48:02 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/05/14 03:49:42 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/05/14 03:49:42 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2010/05/14 03:49:41 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/05/14 03:49:41 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2010/05/14 03:48:47 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/05/14 03:48:47 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/05/14 03:48:46 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/05/14 03:48:46 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/05/14 03:48:46 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/05/14 03:48:46 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/05/14 03:48:46 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/05/14 03:48:46 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/05/14 03:48:45 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/05/14 03:48:45 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/05/14 03:48:45 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/05/14 03:48:45 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/05/14 03:48:45 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/05/14 03:48:45 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/05/14 03:48:45 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/05/14 03:48:45 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/05/14 03:48:44 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/05/14 03:48:44 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/05/14 03:48:44 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/05/14 03:48:44 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/21 14:20:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/05/16 17:18:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\pxdl.dll
[2008/05/16 17:18:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\keyword.dll
[2008/05/16 17:18:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ufdp.dll
[2008/05/16 17:18:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\FASRV.ini
[2008/05/16 17:18:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\swbn01.ini
[2008/03/15 11:00:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/15 11:00:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2008/03/15 10:59:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
========== LOP Check ==========
[2009/06/17 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2008/12/08 16:34:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/11/28 17:51:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/11/28 18:00:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/11/18 14:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/18 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/10/06 12:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/02/24 22:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/26 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/11/15 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/21 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/13 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/06/16 19:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/12 04:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/28 17:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/03/15 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/15 13:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2010/06/30 07:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2008/05/26 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PureEdge
[2008/03/15 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
========== Purity Check ==========
< End of report >
last entry. AlRussell
#37
Posted 10 July 2010 - 11:00 PM
Hi AlRussell,
Step 1
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
:Commands
[purity]
[emptytemp]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Step 2
Your system is clean now. I'm glad we fixed up your computer. We need to clean up your PC from the programs we used.
Please start OTL one more time and click the CleanUp button. OTL will restart your system.
Step 3
Here are some recommendations you should follow to minimize infection risk in the future:
1. Your system needs one antivirus program. Choose one that suits your needs best. Here are some FREEWARE recommendations:
Avira AntiVir Personal - Free
AVG Free
2. Your system needs one firewall program. Choose one that suits your needs best. Here are some FREEWARE recommendations:
ZoneAlarm Pro
Ashampoo Firewall
3. Install AntiSpyware. You need to have only one realtime antispyware solution running on your system.
- Super AntiSpyware - an amazing tool that can often clean up a system very efficiently.
- MalwareBytes Anti-Malware - another great program for keeping your system free of malware and running smooth.
- SpywareBlaster - helps prevent spyware from being installed on your system.
4. Enable Windows Update
- Click Start, click Run, type sysdm.cpl, and then press ENTER.
- Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
- Click OK button
5. Delete Temp files
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job.
- Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
6. Make Backups of Important Files
Please read this article Home Computer Data Backup.
7. Regularly update your software
To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.
You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
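The fix script in this post singles out four entries from the OTL log posted earlier. As an added example that is neither OTL's own code nor the helper's, the following Python parses OTL file-listing lines (the `[date | size | attrs | C/M] (Company) -- path` format in that log) into records and applies a few triage heuristics of the kind a log reader applies by eye: a tiny file with a PE extension and no company name, a scheduled task named only by a GUID, and an Application Data directory named like an underscore GUID. The heuristics, the 1024-byte size threshold and the 14-day recency window are this example's assumptions; the sample lines are copied from the log in this thread.

```python
"""Parse OTL 'Files Created / Modified' entries and apply simple triage heuristics.

Added example for this thread: not OTL's own code, and the heuristics below are
this example's assumptions (a rough stand-in for the judgement a helper applies
when reading a log), not rules from OTL or from the helper's fix script.
"""
import re
from datetime import datetime, timedelta

# One OTL entry looks like:
#   [2010/07/05 09:45:16 | 000,054,528 | ---- | C] (Company) -- C:\path\file
# Directory entries carry a D in the attribute field and have no "(Company)" part.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# A task file named only by a GUID, e.g. 229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
BARE_GUID = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# A GUID written with underscores inside braces, e.g. {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
UNDERSCORE_GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(_[0-9A-Fa-f]{4}){3}_[0-9A-Fa-f]{12}\}$")

PE_EXTENSIONS = (".dll", ".exe", ".sys", ".scr")
MIN_PLAUSIBLE_PE = 1024   # assumption: any real PE image is far bigger than a DOS stub

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 90 Days ==========
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/05 09:45:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/30 07:54:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""
SCAN_TIME = datetime(2010, 7, 9, 21, 33)   # latest timestamp seen in the posted log


def parse_otl_line(line):
    """Return a dict for a file/directory entry, or None for headers and summary lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "when": datetime.strptime(d["stamp"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],
        "is_dir": "D" in d["attrs"],
        "kind": d["kind"],                      # C = created, M = modified
        "company": (d["company"] or "").strip(),
        "path": d["path"],
    }


def triage(entries, scan_time, recent_days=14):
    """Return [(path, [reasons])] for entries worth a second look, in log order."""
    findings = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        lower = e["path"].lower()
        reasons = []
        # 1. A file with a PE extension that is too small to be a valid image and
        #    carries no company/version information.
        if (not e["is_dir"] and lower.endswith(PE_EXTENSIONS)
                and e["size"] < MIN_PLAUSIBLE_PE and not e["company"]):
            reasons.append(f"{e['size']}-byte file with a PE extension and no company name")
        # 2. A scheduled task whose file name is nothing but a GUID.
        if "\\tasks\\" in lower and lower.endswith(".job") and BARE_GUID.match(name[:-4]):
            reasons.append("scheduled task named only by a GUID")
        # 3. An Application Data directory named like a GUID with underscores.
        if e["is_dir"] and "\\application data\\" in lower and UNDERSCORE_GUID.match(name):
            reasons.append("Application Data directory named like an underscore GUID")
        # Recency is context for an existing finding, not a finding on its own.
        if reasons and scan_time - e["when"] <= timedelta(days=recent_days):
            reasons.append(f"{e['kind']} timestamp within {recent_days} days of the scan")
        if reasons:
            findings.append((e["path"], reasons))
    return findings


def run_triage(log_text=SAMPLE_LOG, scan_time=SCAN_TIME):
    """Parse a whole OTL log and triage it."""
    entries = [e for e in map(parse_otl_line, log_text.splitlines()) if e]
    return triage(entries, scan_time)


if __name__ == "__main__":
    for path, reasons in run_triage():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, three of the four entries in the fix script fall out of these rules; the User_Feed_Synchronization task does not, which is a reminder that name- and size-based heuristics narrow the list for a human reader rather than replace the judgement behind a fix script.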
#38
Posted 11 July 2010 - 08:35 AM
Ok.
Thank you for your help--all appears restored and operating.
Advice well noted--should I expect better antivirus and firewall protection performance from the apps you suggest than in keeping Symantec's NIS 360?
AlRussell
ps. btw, when do you complete "training"? ar
#39
Posted 11 July 2010 - 01:43 PM
Hi AlRussell,
I think you should keep your current antivirus software.
I'll be in training until my teachers decide I'm ready to move on and offer help by myself
#40
Posted 11 July 2010 - 04:47 PM
Okay then--thank you very much; best wishes in your training time.
#41
Posted 17 June 2011 - 04:49 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.