Need a pro to analyze OTL scan...please!


  • This topic is locked

#1
nikknack

    New Member

  • Member
  • 2 posts
I'm having a heck of a time! I'm pretty certain I have a virus. I continually receive error reporting messages, sometimes saying "Internet Explorer has encountered an error and needs to close". I found out that if I ignore those messages and just move them out of my way, I can continue without trouble for a while before, one by one, it (the virus) creeps up and shuts me off everything. Once in a while, an error reporting window pops up saying "Dr. Watson Post Mortem Debugger Has Encountered A Problem And Needs To Close" and it shuts me down. Also, I keep getting messages popping up saying "A problem with this website caused Internet Explorer to close and reopen the tab" and the window seems to refresh itself and come back up without shutting down completely. Sometimes, when I just try to open IE, it will not stay open and the window just keeps closing on its own. When this happens, I have to start and restart the computer to finally get it to mysteriously start working right again... but of course, only for a little while. It seems like I have the most trouble when I am on the two sites I visit often: Yahoo and Facebook. Other times my whole computer shuts down and I get the fatal "blue screen", but I am able to restart and it opens to the Microsoft website that tells me my system recovered from something serious and lists different steps to take to try and fix the problem. I've tried them all and none of them help. So, I continue trying to figure out what is wrong (I'm pretty sure it's a virus) and have run my antiviral software, Symantec Endpoint Protection, over and over again and it finds nothing. I ran OTL and below is the logfile. Can anyone tell me if anything looks wrong? Thanks a lot for any help! :)


OTL logfile created on: 9/21/2011 2:48:16 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\System Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 32.79% Memory free
3.23 Gb Paging File | 2.44 Gb Available in Paging File | 75.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 18.04 Gb Free Space | 32.27% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA | User Name: System Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 14:48:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\System Owner\Desktop\OTL.exe
PRC - [2011/05/24 20:43:31 | 015,614,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB2518864-x86.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2010/02/18 11:43:22 | 000,252,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jaucheck.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/20 13:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/12/08 22:03:18 | 000,636,344 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/12/08 21:42:34 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 14:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/16 02:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/08 17:49:06 | 000,323,584 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Atheros\ACU.exe
PRC - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2005/02/08 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE
PRC - [2001/08/23 08:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/02 22:27:44 | 003,542,616 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll
MOD - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/02 22:27:44 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2009/10/20 13:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/12/08 22:01:54 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/12/08 21:42:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/12/08 21:01:28 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 14:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 16:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2005/09/26 11:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/09/15 11:21:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110920.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/15 11:21:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110920.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/18 13:44:56 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/18 13:44:56 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/12 16:03:53 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/20 13:13:54 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009/10/20 13:13:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/10/13 12:31:46 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/10/13 12:31:46 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/10/13 12:31:46 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/21 11:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 11:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/06/16 16:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/01 17:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/18 07:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/27 05:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/11 23:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16CE0BD1-6748-4F7D-A145-A93C33E1ED92}: DhcpNameServer = 205.152.144.23 205.152.132.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C24DCF4-8F93-4D7B-BB4C-DAF014B8A2BA}: DhcpNameServer = 205.152.144.23 205.152.132.23
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (athgina.dll) -C:\WINDOWS\System32\athgina.dll (Atheros)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/05 13:53:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 14:48:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\System Owner\Desktop\OTL.exe
[2011/09/21 03:10:38 | 000,000,000 | ---D | C] -- C:\d32c95765de5be60f4cbcb41
[2011/09/20 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/09/20 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Start Menu\Programs\HiJackThis
[2011/09/20 15:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Local Settings\Application Data\PCHealth
[2011/09/20 03:11:39 | 000,000,000 | ---D | C] -- C:\c77d436346628bd4a8e0ceeea48dc24a
[2011/09/20 03:05:04 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/09/20 03:05:04 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/09/20 03:05:03 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/09/20 03:05:03 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/09/20 03:05:03 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/09/20 03:05:03 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/09/20 03:05:02 | 000,000,000 | ---D | C] -- C:\156f737283f63164a54e054eab86
[2011/09/18 20:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/09/18 19:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\My Scooter
[2011/09/16 14:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\New Folder (2)
[2011/09/14 16:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Application Data\Apple Computer
[2011/09/13 22:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\Guitar Lessons
[2011/09/08 22:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\Prayers
[2011/09/08 18:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\Volunteer Opps
[2011/09/08 18:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\AJ Pic collages
[2011/09/08 18:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\Art Ideas
[2011/09/08 18:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Desktop\Resumes 2011
[2011/09/03 06:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/01 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/09/01 17:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/09/01 17:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Local Settings\Application Data\Temp
[2011/09/01 16:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\System Owner\Application Data\Google
[2011/09/01 16:58:13 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/30 19:20:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/21 14:48:10 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\System Owner\Desktop\OTL.exe
[2011/09/21 14:12:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/21 14:09:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/21 08:12:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/21 03:04:03 | 000,705,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/21 03:04:03 | 000,134,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/21 00:35:00 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4D07F462-7A9D-4630-A008-D08B010F3ACE}.job
[2011/09/20 23:47:10 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\HiJackThis.lnk
[2011/09/20 23:29:49 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2011/09/20 15:33:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/20 15:33:12 | 1474,473,984 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/20 03:33:31 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/18 20:18:16 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\Microsoft Fix it.url
[2011/09/18 20:10:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/15 12:07:34 | 000,012,629 | ---- | M] () -- C:\Documents and Settings\System Owner\My Documents\dons letter.odt
[2011/09/09 05:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/03 11:01:10 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\System Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/01 16:58:13 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/31 19:50:38 | 000,149,629 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\Thompson Electric Scooter-psl.mht
[2011/08/31 19:49:49 | 000,186,038 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\Thompson Electric Scooter-$625.mht
[2011/08/30 19:19:22 | 000,074,084 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\Microsoft Windows Error Reporting.mht
[2011/08/30 14:59:28 | 000,049,621 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\tour_nightofhunters_170.png
[2011/08/28 18:08:46 | 000,010,778 | ---- | M] () -- C:\Documents and Settings\System Owner\Desktop\Probation address & phone numbers.odt
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/20 23:46:45 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\HiJackThis.lnk
[2011/09/15 11:48:37 | 000,012,629 | ---- | C] () -- C:\Documents and Settings\System Owner\My Documents\dons letter.odt
[2011/09/10 23:17:30 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\Microsoft Fix it.url
[2011/09/01 16:57:51 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 16:57:50 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 19:50:37 | 000,149,629 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\Thompson Electric Scooter-psl.mht
[2011/08/31 19:49:48 | 000,186,038 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\Thompson Electric Scooter-$625.mht
[2011/08/30 19:19:14 | 000,074,084 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\Microsoft Windows Error Reporting.mht
[2011/08/30 15:06:31 | 000,049,621 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\tour_nightofhunters_170.png
[2011/08/28 18:08:46 | 000,010,778 | ---- | C] () -- C:\Documents and Settings\System Owner\Desktop\Probation address & phone numbers.odt
[2011/08/13 17:19:33 | 004,121,692 | ---- | C] () -- C:\Program Files\Wu Tang Clan - Tearz.mp3
[2011/08/13 17:18:58 | 004,971,144 | ---- | C] () -- C:\Program Files\Wu Tang Clan - Don't Be A Menace.mp3
[2011/08/13 17:18:25 | 005,443,918 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Triumph.mp3
[2011/08/13 17:17:40 | 004,023,414 | ---- | C] () -- C:\Program Files\Wu Tang Clan - In The Hood.mp3
[2011/08/13 16:32:50 | 006,156,145 | ---- | C] () -- C:\Program Files\Twista - [bleep] Dr Dre, Snoop, Eminem, Warren G & Nate Dogg wu- tang clan,biggie, mobb deep,fugees, casidy,cypress hill , jay z ,dmx,nwa,gza,rza.ghostface killa,.mp3
[2011/08/13 16:21:28 | 002,836,527 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Shame on a [bleep].mp3
[2011/08/13 16:20:53 | 007,157,285 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Method Man - Bring The Pain.mp3
[2011/08/13 16:19:25 | 005,440,036 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Killer Bees.mp3
[2011/08/13 16:18:29 | 005,646,336 | ---- | C] () -- C:\Program Files\Wu-Tang Clan MethodMan- M-E-T-H-O-D Man.mp3
[2011/08/13 16:18:25 | 003,523,624 | ---- | C] () -- C:\Program Files\Wu Tang Clan - CREAM.mp3
[2011/08/13 16:17:37 | 004,026,655 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Ice Cream.mp3
[2011/08/13 16:16:54 | 007,495,166 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Wu-Tang Forever - 08 - Bells of War (U-God, Method Man, RZA, Masta Killah, Raekwon the Chef & Ghostface Killah).mp3
[2011/08/13 16:16:44 | 003,821,445 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - The Jump Off.mp3
[2011/08/13 16:16:06 | 002,563,427 | ---- | C] () -- C:\Program Files\Wu-Tang Clan - Mortal Kombat.mp3
[2011/08/13 16:15:55 | 003,061,722 | ---- | C] () -- C:\Program Files\Wu Tang Clan - Liquid Swords.mp3
[2011/08/13 16:15:32 | 003,270,960 | ---- | C] () -- C:\Program Files\Wu-Tang Clan Old Dirty [bleep] - Shimmy Shimmy Ya.mp3
[2010/11/17 18:45:58 | 002,788,997 | ---- | C] () -- C:\Program Files\The Temper Trap - Sweet Disposition.mp3
[2010/11/17 17:23:27 | 006,111,232 | ---- | C] () -- C:\Program Files\Linkin Park - What I've Done.mp3
[2010/11/16 01:47:31 | 008,110,865 | ---- | C] () -- C:\Program Files\10 The Temper Trap - Drum Song.mp3
[2010/11/14 23:51:00 | 004,665,662 | ---- | C] () -- C:\Program Files\Linkin Park - Bleed It Out.mp3
[2010/11/14 23:49:15 | 005,359,616 | ---- | C] () -- C:\Program Files\Linkin Park - Given up.mp3
[2010/11/14 23:48:28 | 002,649,867 | ---- | C] () -- C:\Program Files\Linkin Park - The Catalyst.mp3
[2010/11/14 23:48:18 | 007,405,680 | ---- | C] () -- C:\Program Files\Linkin Park - New Divide.mp3
[2010/11/14 23:47:38 | 006,114,787 | ---- | C] () -- C:\Program Files\Linkin Park - Leave out All the Rest.mp3
[2010/11/14 23:47:30 | 003,890,122 | ---- | C] () -- C:\Program Files\Linkin Park - Faint.mp3
[2010/11/14 23:46:10 | 003,737,310 | ---- | C] () -- C:\Program Files\Linkin Park - One Step Closer.mp3
[2010/10/08 21:23:28 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\System Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 15:41:28 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/08/21 15:41:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/08/21 15:41:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/08/21 15:41:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/08/21 15:41:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/08/21 15:41:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/08/21 15:41:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/08/21 15:41:28 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/08/21 15:41:27 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/08/21 15:41:27 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/08/21 15:41:27 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/21 15:41:27 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/08/21 15:41:27 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/08/21 15:41:27 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/08/21 15:41:27 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/08/21 15:41:27 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/17 20:47:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010/07/17 20:47:48 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010/07/17 20:47:48 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2010/07/17 20:47:10 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/07/12 14:54:48 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2010/07/12 14:54:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2010/07/12 14:54:48 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2010/07/12 14:54:48 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2010/07/12 14:41:59 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/12 14:41:59 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/12 14:38:13 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2010/07/12 14:38:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2010/07/12 14:38:07 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2010/07/12 14:36:51 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\PlugPlayPCIDevice.exe
[2010/07/05 13:57:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 13:50:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/05 09:45:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/05 09:44:18 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/12/08 18:01:06 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/23 08:00:00 | 000,705,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2001/08/23 08:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2001/08/23 08:00:00 | 000,134,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

Edited by nikknack, 21 September 2011 - 01:25 PM.


#2
nikknack

    New Member

  • Topic Starter
  • Member
  • 2 posts
Hello, I am getting help for this problem at Spy Warrior. So that I don't waste anyone's time on here, could you please close my topic? Thank you!

#3
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
Closed at user's request. Thanks for letting us know. :)