Help Please :(



#1
Eric Romero

First time posting, so I am sorry if I don't post properly. I have been battling a virus for 4 days now on a server and have nowhere else to turn but here. I tried to run Malwarebytes, which produced the "failed to load control "vbalgrid"" error. I try to install HijackThis and it throws a "runtime error 481 invalid picture". Can't update; some things will install and some won't (usually if it has anything to do with virus or malware removal). Safe Mode doesn't change anything. Many services don't start because of timeouts. It's a disaster. I have run the OTL software that was provided by your site (it ran, yay) and have attached it to this post. I hope someone can help, I am at my wits' end... I am running Server 2008 Standard Edition 64-bit, by the way. Help someone! :)

OTL logfile created on: 9/9/2011 6:39:33 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = D:\Users\Administrator.afognak\Desktop
64bit-Windows Vista Server Standard Edition (full installation) Service Pack 1 (Version = 6.0.6001) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 78.84% Memory free
16.04 Gb Paging File | 13.59 Gb Available in Paging File | 84.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.00 Gb Total Space | 6.18 Gb Free Space | 15.45% Space Free | Partition Type: NTFS
Drive D: | 930.50 Gb Total Space | 519.34 Gb Free Space | 55.81% Space Free | Partition Type: NTFS
Drive E: | 105.41 Gb Total Space | 34.54 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive F: | 3.00 Gb Total Space | 1.87 Gb Free Space | 62.18% Space Free | Partition Type: NTFS
Drive Z: | 931.49 Gb Total Space | 242.74 Gb Free Space | 26.06% Space Free | Partition Type: NTFS

Computer Name: NVA-SERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/09 18:39:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\Administrator.afognak\Desktop\OTL.com
PRC - [2011/07/08 12:23:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/06/09 09:39:02 | 000,582,896 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Printer Software\ErrorApp\dkab1err.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/18 05:20:00 | 000,417,792 | ---- | M] () -- C:\Program Files\Dell\Printer Software\ErrorApp\parser.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV:64bit: - [2009/11/15 01:54:08 | 001,760,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\beremote.exe -- (BackupExecAgentAccelerator)
SRV:64bit: - [2009/11/15 01:54:02 | 002,028,872 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\pvlsvr.exe -- (BackupExecDeviceMediaService)
SRV:64bit: - [2009/11/15 01:54:00 | 009,658,184 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\beserver.exe -- (BackupExecRPCService)
SRV:64bit: - [2009/11/15 01:53:58 | 005,627,720 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\bengine.exe -- (BackupExecJobEngine)
SRV:64bit: - [2009/11/15 01:53:58 | 000,408,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Backup Exec\benetns.exe -- (BackupExecAgentBrowser)
SRV:64bit: - [2009/06/09 09:38:54 | 001,054,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DKabcoms.exe -- (dkab_device)
SRV:64bit: - [2009/02/11 22:05:17 | 000,638,464 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dns.exe -- (DNS)
SRV:64bit: - [2008/09/28 15:19:12 | 009,474,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\bin\store.exe -- (MSExchangeIS)
SRV:64bit: - [2008/09/28 15:18:54 | 000,022,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe -- (MSExchangePop3)
SRV:64bit: - [2008/09/28 15:18:54 | 000,022,128 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe -- (MSExchangeImap4)
SRV:64bit: - [2008/09/28 15:18:52 | 000,055,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Monitoring.exe -- (MSExchangeMonitoring)
SRV:64bit: - [2008/09/28 15:18:32 | 000,057,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailSubmission.exe -- (MSExchangeMailSubmission)
SRV:64bit: - [2008/09/28 15:18:22 | 000,261,008 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeMailboxAssistants.exe -- (MSExchangeMailboxAssistants)
SRV:64bit: - [2008/09/28 15:18:16 | 000,039,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe -- (MSExchangeAntispamUpdate)
SRV:64bit: - [2008/09/28 15:18:04 | 000,069,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransportLogSearch.exe -- (MSExchangeTransportLogSearch)
SRV:64bit: - [2008/09/28 15:18:04 | 000,063,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeTransport.exe -- (MSExchangeTransport)
SRV:64bit: - [2008/09/28 15:17:58 | 000,084,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.EdgeSyncSvc.exe -- (MSExchangeEdgeSync)
SRV:64bit: - [2008/09/28 15:17:48 | 000,113,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeADTopologyService.exe -- (MSExchangeADTopology)
SRV:64bit: - [2008/09/28 15:17:48 | 000,034,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.ServiceHost.exe -- (MSExchangeServiceHost)
SRV:64bit: - [2008/09/28 15:17:06 | 000,088,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\MSExchangeFDS.exe -- (MSExchangeFDS)
SRV:64bit: - [2008/09/28 15:16:54 | 000,232,352 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\Bin\Microsoft.Exchange.Search.ExSearch.exe -- (MSExchangeSearch)
SRV:64bit: - [2008/09/28 15:16:32 | 000,063,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\bin\Microsoft.Exchange.Cluster.ReplayService.exe -- (MSExchangeRepl)
SRV:64bit: - [2008/09/28 15:12:52 | 002,763,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\bin\mad.exe -- (MSExchangeSA)
SRV:64bit: - [2008/01/19 05:53:45 | 001,019,392 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ntfrs.exe -- (NtFrs)
SRV:64bit: - [2008/01/19 05:52:27 | 000,091,648 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\RSoPProv.exe -- (RSoPProv)
SRV:64bit: - [2008/01/19 05:52:26 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/19 05:52:18 | 000,326,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dfssvc.exe -- (Dfs)
SRV:64bit: - [2008/01/19 05:52:17 | 000,059,392 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\ismserv.exe -- (IsmServ)
SRV:64bit: - [2008/01/19 05:52:06 | 000,012,288 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\wmsvc.exe -- (WMSvc)
SRV:64bit: - [2008/01/19 05:52:05 | 000,015,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/19 05:51:52 | 003,671,040 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DFSRs.exe -- (DFSR)
SRV:64bit: - [2008/01/19 05:51:51 | 000,041,984 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2008/01/19 05:51:45 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2008/01/19 05:51:44 | 000,026,112 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2007/02/12 05:13:00 | 000,158,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft\Exchange Server\bin\msftesql.exe -- (msftesql-Exchange)
SRV - [2011/07/08 12:23:35 | 000,133,944 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2011/03/17 08:55:40 | 002,024,824 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/04/20 08:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/20 08:13:21 | 000,371,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/06/09 09:38:58 | 000,603,376 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\DKabcoms.exe -- (dkab_device)
SRV - [2008/07/27 10:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/01/19 05:52:59 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/11/15 01:54:32 | 000,050,224 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VirtFile.sys -- (VirtFile)
DRV:64bit: - [2009/11/15 01:54:26 | 000,048,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tpfilter.sys -- (tpfilter)
DRV:64bit: - [2009/01/09 18:49:59 | 000,221,696 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vid.sys -- (Vid)
DRV:64bit: - [2009/01/09 18:49:12 | 000,133,120 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2009/01/09 18:49:12 | 000,038,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storflt.sys -- (storflt)
DRV:64bit: - [2009/01/09 18:49:12 | 000,006,656 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\s3cap.sys -- (s3cap)
DRV:64bit: - [2008/09/18 18:07:06 | 000,474,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2008/07/02 08:49:42 | 003,086,888 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2008/07/01 14:17:16 | 000,609,832 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (BXOIS)
DRV:64bit: - [2008/06/19 08:02:32 | 000,081,408 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)
DRV:64bit: - [2008/05/14 14:23:50 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bxnd60a.sys -- (l2nd)
DRV:64bit: - [2008/02/06 15:34:58 | 002,210,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV:64bit: - [2008/01/23 15:55:06 | 000,057,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\halfinch.sys -- (halfinchVRTS)
DRV:64bit: - [2008/01/19 05:52:18 | 000,045,112 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfs.sys -- (DfsDriver)
DRV:64bit: - [2008/01/19 05:51:45 | 000,103,992 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2008/01/19 05:51:36 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel®
DRV:64bit: - [2008/01/18 23:11:31 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/18 22:29:26 | 000,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ltotape.sys -- (ltotape)
DRV:64bit: - [2008/01/05 03:22:48 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2007/08/24 00:01:42 | 000,028,208 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\scsichng.sys -- (SCSIChanger)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe (Broadcom Corporation)
O4 - HKCU..\Run: [DKab1err] C:\Program Files\Dell\Printer Software\ErrorApp\dkab1err.exe (Dell, Inc.)
O4 - HKCU..\RunOnce: [201199_18_902791] C:\Users\Administrator.afognak\AppData\Local\Temp\LMIR0002.tmp.bat.js ()
O4 - Startup: C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\POP Collector.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O13 - gopher Prefix: missing
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = afognak.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CFA553E-B765-4FAB-AC79-ECCCB6895B83}: NameServer = 192.168.0.11,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B479EEA-EA1C-4C27-876F-6773E9AD5635}: NameServer = 192.168.0.11,192.168.0.1,4.2.2.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Key error. - File not found
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/09 20:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/09/09 20:43:49 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/09/09 20:43:49 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/09/09 20:43:49 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011/09/09 20:43:49 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/09/09 20:43:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/09/09 20:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/09/09 20:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/09 20:43:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\WinRAR
[2011/09/09 20:43:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/09/09 20:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/09 20:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/09/09 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\uTorrent
[2011/09/09 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Local\uTorrent
[2011/09/09 18:39:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- D:\Users\Administrator.afognak\Desktop\OTL.com
[2011/09/09 18:33:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/09 14:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/09/09 14:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/09 14:44:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/09/09 14:44:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\Desktop
[2011/09/09 13:09:06 | 605,410,472 | ---- | C] (Microsoft Corporation) -- D:\Users\Administrator.afognak\Desktop\Windows6.0-KB948465-X64.exe
[2011/09/09 13:07:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- D:\Users\Administrator.afognak\Desktop\HiJackThis.exe
[2011/09/08 19:15:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/08 19:02:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\try
[2011/09/08 19:02:31 | 000,000,000 | ---D | C] -- \Program Files
[2011/09/08 19:01:21 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Users\Administrator.afognak\Desktop\try this.exe
[2011/09/08 18:50:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/09/08 18:50:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Spybot - Search & Destroy
[2011/09/08 18:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/09/08 16:31:07 | 000,000,000 | ---D | C] -- C:\Windows\Program Files (x86)
[2011/09/08 15:32:42 | 000,000,000 | ---D | C] -- C:\broadcom
[2011/09/08 14:42:51 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Documents\WC7435_PS_5.133.3.0_Eng[1]
[2011/09/08 14:40:40 | 006,269,752 | ---- | C] (Dell, Inc.) -- D:\Users\Administrator.afognak\Desktop\RAID_FRMW_WIN_R278433.EXE
[2011/09/08 14:40:40 | 002,537,984 | ---- | C] (Dell, Inc.) -- D:\Users\Administrator.afognak\Desktop\RAID_DRVR_WIN_R210510.EXE
[2011/09/08 14:40:40 | 000,522,000 | ---- | C] (Microsoft Corporation) -- D:\Users\Administrator.afognak\Desktop\setup.exe
[2011/09/08 14:40:40 | 000,360,960 | ---- | C] (Microsoft Corporation) -- D:\Users\Administrator.afognak\Desktop\setup.com
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\xerox 7435
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\updates
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\setup
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\scripts
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\Procmon
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\Pop3Connector
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\DSET Report for coastline computers of kodiak[NVA-SERVER SvcTag-HG97YH1-PE2900]
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\Backup Exec
[2011/09/08 14:40:34 | 000,000,000 | ---D | C] -- D:\Users\Administrator.afognak\Desktop\4118_M20_120_3420_M15_x64_PCL_v3.04.05.03
[2011/09/08 14:38:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/08 14:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/08 14:33:48 | 000,000,000 | ---D | C] -- \exch2k7-installer
[2011/09/08 12:47:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/08 12:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/07 18:51:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator.afognak\AppData\Roaming\BACS.exe
[2011/09/06 15:48:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/09/06 15:48:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/09/06 15:48:22 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/09/06 15:48:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/09/06 15:48:22 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/09/06 15:48:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/09/06 15:48:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/09/06 15:48:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/09/06 15:48:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/09/06 15:48:22 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/09/06 15:48:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/09/06 15:48:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/09/06 15:48:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/06/22 07:52:38 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\dkabserv.dll
[2011/06/22 07:52:38 | 000,446,464 | ---- | C] ( ) -- C:\Windows\SysWow64\dkabhcp.dll
[2011/06/22 07:52:37 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\dkabcomc.dll
[2011/06/22 07:52:37 | 000,603,376 | ---- | C] ( ) -- C:\Windows\SysWow64\dkabcoms.exe
[2011/06/22 07:52:37 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dkabcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/09/09 20:44:19 | 001,402,880 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\dam.msi
[2011/09/09 20:43:49 | 000,000,625 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\Registry Mechanic.lnk
[2011/09/09 20:09:50 | 000,296,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/09 18:39:28 | 000,581,120 | ---- | M] (OldTimer Tools) -- D:\Users\Administrator.afognak\Desktop\OTL.com
[2011/09/09 18:19:30 | 002,170,088 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/09 18:19:30 | 001,699,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/09 18:19:30 | 000,440,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/09 18:12:09 | 000,001,460 | ---- | M] () -- C:\Users\Administrator.afognak\AppData\Local\d3d9caps64.dat
[2011/09/09 18:10:27 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 18:10:26 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/09 18:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/09 15:24:18 | 000,387,584 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\rescue2usb.exe
[2011/09/09 14:59:56 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/09 14:07:01 | 018,370,560 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\Dell_DSET_2.2.0.118_A01.msi
[2011/09/09 13:10:03 | 605,410,472 | ---- | M] (Microsoft Corporation) -- D:\Users\Administrator.afognak\Desktop\Windows6.0-KB948465-X64.exe
[2011/09/09 13:07:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- D:\Users\Administrator.afognak\Desktop\HiJackThis.exe
[2011/09/09 12:55:56 | 000,032,548 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\cc_20110909_125522.reg
[2011/09/08 19:01:21 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Users\Administrator.afognak\Desktop\try this.exe
[2011/09/08 18:50:29 | 000,000,801 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\Spybot - Search & Destroy.lnk
[2011/09/08 18:22:06 | 000,002,144 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/08 16:17:15 | 000,379,392 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\subinacl.msi
[2011/09/08 16:12:56 | 000,001,731 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\updateMBperms.bat
[2011/09/08 16:12:48 | 000,000,663 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\try.lnk
[2011/09/08 14:38:21 | 000,000,685 | ---- | M] () -- D:\Users\Administrator.afognak\Desktop\CCleaner.lnk
[2011/09/06 15:53:58 | 158,007,296 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/09/06 15:53:58 | 000,524,288 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/09/06 15:53:58 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx

========== Files Created - No Company Name ==========

[2011/09/09 20:44:19 | 001,402,880 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\dam.msi
[2011/09/09 20:43:49 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011/09/09 20:43:49 | 000,000,625 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\Registry Mechanic.lnk
[2011/09/09 15:24:26 | 000,237,849 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\grub.exe
[2011/09/09 15:24:11 | 000,387,584 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\rescue2usb.exe
[2011/09/09 14:59:56 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/09/09 14:06:58 | 018,370,560 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\Dell_DSET_2.2.0.118_A01.msi
[2011/09/09 12:55:31 | 000,032,548 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\cc_20110909_125522.reg
[2011/09/08 18:50:29 | 000,000,801 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\Spybot - Search & Destroy.lnk
[2011/09/08 18:22:06 | 000,002,144 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/08 16:17:15 | 000,379,392 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\subinacl.msi
[2011/09/08 16:12:56 | 000,001,731 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\updateMBperms.bat
[2011/09/08 16:12:48 | 000,000,663 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\try.lnk
[2011/09/08 14:40:40 | 000,009,089 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\relnotes.htm
[2011/09/08 14:40:40 | 000,001,223 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\Shared (NVA-SERVER).lnk
[2011/09/08 14:40:38 | 131,624,960 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\OM-SrvAdmin-Dell-Web-WIN-6.3.0-2075_A00.20.exe
[2011/09/08 14:40:38 | 006,360,000 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\DSET Report for coastline computers of kodiak[NVA-SERVER SvcTag-HG97YH1-PE2900].zip
[2011/09/08 14:40:38 | 003,317,170 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\4118_M20_120_3420_M15_x64_PCL_v3.04.05.03.zip
[2011/09/08 14:40:38 | 002,616,665 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\ExBPA.201105260240174494.data.xml
[2011/09/08 14:40:38 | 000,000,685 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\CCleaner.lnk
[2011/09/08 14:40:38 | 000,000,063 | ---- | C] () -- D:\Users\Administrator.afognak\Desktop\autorun.inf
[2011/09/06 15:48:29 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/09/06 15:48:29 | 000,847,872 | ---- | C] () -- C:\Windows\SysNative\oleaut32.dll
[2011/09/06 15:48:28 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/09/06 15:48:27 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2011/09/06 15:48:27 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2011/09/06 15:48:27 | 000,407,552 | ---- | C] () -- C:\Windows\SysNative\drivers\afd.sys
[2011/09/06 15:48:27 | 000,344,576 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2011/09/06 15:48:27 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011/09/06 15:48:26 | 009,272,320 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2011/09/06 15:48:26 | 000,274,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2011/09/06 15:48:26 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2011/09/06 15:48:26 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys
[2011/09/06 15:48:26 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2011/09/06 15:48:26 | 000,105,984 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2011/09/06 15:48:25 | 012,477,440 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2011/09/06 15:48:23 | 002,339,840 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2011/09/06 15:48:23 | 001,488,384 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2011/09/06 15:48:23 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2011/09/06 15:48:23 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2011/09/06 15:48:23 | 000,710,656 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2011/09/06 15:48:23 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2011/09/06 15:48:23 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2011/09/06 15:48:23 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2011/09/06 15:48:22 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2011/09/06 15:48:22 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2011/09/06 15:48:22 | 000,479,232 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2011/09/06 15:48:22 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2011/09/06 15:48:22 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2011/09/06 15:48:22 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2011/09/06 15:48:22 | 000,097,792 | ---- | C] () -- C:\Windows\SysNative\drivers\dfsc.sys
[2011/09/06 15:48:22 | 000,096,768 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll
[2011/09/06 15:48:22 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2011/09/06 15:48:22 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2011/09/06 15:48:22 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2011/09/06 15:48:22 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2011/09/06 15:48:22 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\licmgr10.dll
[2011/09/06 15:48:22 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2011/09/06 15:48:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/18 12:03:58 | 004,059,136 | ---- | C] () -- C:\Program Files (x86)\5000Objects.mdb
[2009/03/20 15:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/02/27 13:40:30 | 002,090,792 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/02/19 12:12:00 | 000,001,460 | ---- | C] () -- C:\Users\Administrator.afognak\AppData\Local\d3d9caps64.dat
[2008/10/02 10:03:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\StrStorage.dll
[2008/01/19 06:18:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2008/01/19 01:35:56 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2008/01/18 22:37:50 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2008/01/18 20:17:40 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/01/18 20:17:40 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/18 19:34:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/05 03:23:28 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/03 11:04:28 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2008/01/03 10:57:53 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Attached Files

  • Attached File  OTL.Txt   67.18KB   51 downloads
