I think it might be a trojan?!?



#1 nmd90 (New Member, 3 posts)
Hi, I posted the following question in another section and was directed here:

"At the moment everything seems to be going wrong with my computers!
I have a Packard Bell desktop which is getting a little old now, but recently got a virus or something on it which encrypted all my files and told me to buy their decrypter if I wanted to get any of my files back. Luckily I also have a Dell laptop which is the computer I mainly use so I had all of my important files on there. So I decided to do a destructive recovery of the desktop computer. Since then it was working fine.

Only a few weeks later my laptop started freezing for no apparent reason. It is now at the point where it lasts for a maximum of about 10 minutes without freezing. Originally I thought it might be overheating, but now I suspect the motherboard or something inside isn't working properly, or it has a virus or something. It also has been very picky about whether or not it wants to accept USBs. I tried saving my files to USB and it would work for a little bit but then stop transferring and I would have to pull it out. Gradually I was able to transfer most of my files back over to the desktop so I would have a second copy.

This was working fine until the other day, when the desktop started freezing whenever I plug in a USB. Although, if I plug in the printer USB cable, it is fine. I have attempted to do system restores for both computers but it comes up with this message: 'Changes made to drive(s) E:\ C:\ after this point cannot be reversed because the drive was either excluded from system restore monitoring or was turned off or removed'. Also, now my laptop keeps coming up with 'USB not recognised' if I plug in a USB.

Both of the computers have Norton Antivirus on them and I have run multiple other virus scanners, all of which have detected nothing! I think it's a bit odd that both of the computers have almost identical symptoms, so maybe one has infected the other whilst I've been transferring files?"


I was able to run the recommended tests on the desktop computer (except the system restore program wouldn't run); however, I haven't been able to get the laptop to stay on long enough without freezing to do the tests. If I get it working I will post those logs also, but for now here are the desktop logs:

MALWAREBYTES

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 1

16/11/2009 10:02:20 AM
mbam-log-2009-11-16 (10-02-20).txt

Scan type: Quick Scan
Objects scanned: 81872
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/16 10:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2DFD000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A6E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xB277B000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

OTL

OTL logfile created on: 16/11/2009 10:10:41 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Nicole\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

767.48 Mb Total Physical Memory | 598.65 Mb Available Physical Memory | 78.00% Memory free
869.46 Mb Paging File | 759.78 Mb Available in Paging File | 87.39% Paging File free
Paging file location(s): C:\pagefile.sys 144 288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.27 Gb Total Space | 29.08 Gb Free Space | 90.09% Space Free | Partition Type: NTFS
Drive D: | 157.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN2527877008
Current User Name: Nicole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/16 10:42:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\OTL.exe
PRC - [2004/08/04 00:35:08 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/04 00:35:08 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/03 21:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/05/02 11:31:50 | 00,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABoard\ABOARD.EXE
PRC - [2003/05/02 11:31:38 | 00,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABoard\AOSD.EXE
PRC - [2002/08/29 20:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 10:42:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\OTL.exe
MOD - [2002/08/29 20:00:00 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
MOD - [2002/08/29 20:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2002/08/29 20:00:00 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - [2004/08/04 00:35:08 | 00,389,120 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/08/03 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2002/08/29 20:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr)
SRV - [2002/08/29 20:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2001/02/23 10:07:30 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ACTIVBOARD] c:\APPS\ABoard\ABOARD.EXE (NEC Computers International)
O4 - HKLM..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKCU..\Run: [Sonic RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/15 14:00:54 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: uploadmgr - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/16 10:03:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Application Data\WinRAR
[2009/11/16 10:03:29 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/16 09:59:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/16 09:58:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/16 09:58:03 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Nicole\Desktop\SysRestorePoint.exe
[2009/11/16 09:51:46 | 00,339,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\TFC.exe
[2009/11/16 09:51:30 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\OTL.exe
[2009/11/16 09:51:23 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nicole\Desktop\erunt_setup.exe
[2009/11/15 14:01:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/11/15 14:01:39 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/11/15 14:01:39 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/11/15 14:01:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/11/15 14:01:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/11/15 14:01:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/11/15 14:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/11/15 14:01:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/11/15 14:01:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/11/15 14:01:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/11/15 14:01:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/11/15 14:01:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/11/15 14:01:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/11/15 14:01:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/11/15 14:01:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/11/15 14:01:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/11/15 14:01:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/11/15 14:01:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/11/15 14:01:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/11/15 14:01:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/11/15 14:01:02 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/11/15 14:00:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/11/15 14:00:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/11/15 14:00:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/11/15 14:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/11/15 14:00:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/11/15 14:00:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/11/15 14:00:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/11/15 14:00:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/11/15 14:00:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/11/15 14:00:44 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/15 14:00:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/11/15 14:00:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/11/15 14:00:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/11/15 14:00:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/11/15 14:00:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/11/15 14:00:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/11/15 14:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/11/15 14:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/11/15 14:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/11/15 14:00:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/11/15 14:00:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/11/15 14:00:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/11/15 14:00:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\REPAIR
[2009/11/15 14:00:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/11/15 14:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/11/15 14:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2009/11/15 14:00:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\PREFETCH
[2009/11/15 14:00:14 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/11/15 14:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/11/15 14:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/11/15 14:00:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/11/15 14:00:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/11/15 14:00:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Modio
[2009/11/15 14:00:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/11/15 14:00:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/11/15 14:00:09 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/11/15 13:59:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/11/15 13:59:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/11/15 13:58:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\i386
[2009/11/15 13:57:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/11/15 13:57:46 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/11/15 13:57:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/11/15 13:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/11/15 13:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/11/15 13:57:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/11/15 13:57:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/11/15 13:57:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/11/15 13:57:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/11/15 13:57:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/11/15 13:57:32 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/11/15 13:57:32 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/11/15 13:57:32 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/11/15 13:57:32 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/11/15 13:57:32 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/11/15 13:57:31 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/11/15 13:57:30 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/11/15 13:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/11/15 13:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\Sonic
[2009/11/15 13:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/11/15 13:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/15 13:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/11/15 13:57:25 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/11/15 13:57:24 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/11/15 13:57:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/11/15 13:57:22 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/11/15 13:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/11/15 13:57:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/15 13:57:05 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/15 13:57:05 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/11/15 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/11/15 13:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/11/15 13:57:03 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/11/15 13:57:02 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/11/15 13:57:02 | 00,000,000 | ---D | C] -- C:\Program Files\HandyBits
[2009/11/15 13:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/11/15 13:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/11/15 13:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/11/15 13:56:59 | 00,000,000 | --SD | C] -- C:\Program Files\Common Files\Teknum Systems
[2009/11/15 13:56:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2009/11/15 13:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/11/15 13:56:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2009/11/15 13:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/11/15 13:56:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/11/15 13:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/11/15 13:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/11/15 13:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/11/15 13:56:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Audioneer
[2009/11/15 13:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\aod
[2009/11/15 13:56:32 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/11/15 13:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/11/15 13:56:25 | 00,000,000 | -H-D | C] -- C:\PNP
[2009/11/15 13:56:14 | 00,000,000 | ---D | C] -- C:\MAGIX
[2009/11/15 13:56:12 | 00,000,000 | -H-D | C] -- C:\DRIVERS
[2009/11/15 13:56:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/11/15 13:56:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/11/15 13:56:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009/11/15 13:56:09 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2009/11/15 13:56:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2009/11/15 13:56:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/11/15 13:56:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/11/15 13:56:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop
[2009/11/15 13:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/15 13:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/15 13:56:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2009/11/15 13:56:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/15 13:56:07 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/11/15 13:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/11/15 13:56:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/15 13:56:06 | 00,000,000 | -H-D | C] -- C:\DIVTOOLS
[2009/11/15 13:56:04 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/15 13:56:02 | 00,000,000 | ---D | C] -- C:\ATI Technologies
[2009/11/15 13:55:30 | 00,000,000 | ---D | C] -- C:\APPS
[2009/11/15 13:55:04 | 00,000,000 | ---D | C] -- C:\ACTIVDOC
[2009/11/15 11:53:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\DoctorWeb
[2009/11/15 11:46:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Application Data\Malwarebytes
[2009/11/15 11:46:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/15 11:46:10 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/15 11:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/15 11:46:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/15 11:44:48 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicole\Desktop\mbam-setup.exe
[2009/11/14 20:09:01 | 00,135,168 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2009/11/14 20:08:39 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/11/14 20:06:26 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Nicole\Cookies
[2009/11/14 20:06:26 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Nicole\Application Data\Microsoft
[2009/11/14 20:06:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Nicole\SendTo
[2009/11/14 20:06:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Nicole\Recent
[2009/11/14 20:06:26 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Nicole\Application Data
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\Start Menu
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\My Documents\My Pictures
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\My Documents\My Music
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\My Documents
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\Favorites
[2009/11/14 20:06:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Nicole\Desktop
[2009/11/14 20:06:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Nicole\Templates
[2009/11/14 20:06:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Nicole\PrintHood
[2009/11/14 20:06:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Nicole\NetHood
[2009/11/14 20:06:26 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Nicole\Local Settings
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\WINDOWS
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\My Documents\My eBooks
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Local Settings\Application Data\Microsoft
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Application Data\Real
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Application Data\InterTrust
[2009/11/14 20:06:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nicole\Application Data\Identities
[2004/01/12 20:57:42 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2004/01/12 20:57:42 | 00,011,544 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[1980/01/01 00:00:00 | 01,290,312 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 00:00:00 | 00,507,008 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 00:00:00 | 00,210,024 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 00:00:00 | 00,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 00:00:00 | 00,084,784 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys

========== Files - Modified Within 14 Days ==========

[2009/11/16 10:56:06 | 01,374,154 | ---- | M] () -- C:\Documents and Settings\Nicole\Desktop\wrar390.exe
[2009/11/16 10:54:22 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Nicole\Desktop\SysRestorePoint.exe
[2009/11/16 10:47:59 | 00,465,298 | ---- | M] () -- C:\Documents and Settings\Nicole\Desktop\RootRepeal.rar
[2009/11/16 10:42:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\OTL.exe
[2009/11/16 10:41:58 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nicole\Desktop\erunt_setup.exe
[2009/11/16 10:41:39 | 00,339,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nicole\Desktop\TFC.exe
[2009/11/16 10:03:37 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Nicole\NTUSER.DAT
[2009/11/16 09:58:50 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/16 09:58:40 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\Nicole\Desktop\NTREGOPT.lnk
[2009/11/16 09:58:40 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Nicole\Desktop\ERUNT.lnk
[2009/11/16 09:53:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 09:53:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 09:53:03 | 80,483,5328 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/16 09:52:13 | 00,000,180 | -HS- | M] () -- C:\Documents and Settings\Nicole\ntuser.ini
[2009/11/15 12:38:01 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nicole\Desktop\mbam-setup.exe
[2009/11/15 12:27:36 | 01,381,864 | -H-- | M] () -- C:\Documents and Settings\Nicole\Local Settings\Application Data\IconCache.db
[2009/11/15 11:46:13 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 20:10:32 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/14 20:07:43 | 00,000,264 | RHS- | M] () -- C:\BOOT.INI
[2009/11/14 20:07:37 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/14 20:07:37 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/14 20:06:46 | 00,000,789 | ---- | M] () -- C:\Documents and Settings\Nicole\Desktop\Windows Media Player.lnk
[2009/11/14 20:06:23 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/14 20:05:11 | 00,000,636 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/14 20:05:10 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/14 20:05:09 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2009/11/14 20:05:09 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2009/11/14 20:03:29 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/14 20:03:20 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

========== Files Created - No Company Name ==========

[2009/11/16 09:58:50 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\Nicole\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/11/16 09:58:40 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\Nicole\Desktop\NTREGOPT.lnk
[2009/11/16 09:58:40 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Nicole\Desktop\ERUNT.lnk
[2009/11/16 09:57:58 | 01,374,154 | ---- | C] () -- C:\Documents and Settings\Nicole\Desktop\wrar390.exe
[2009/11/16 09:51:38 | 00,465,298 | ---- | C] () -- C:\Documents and Settings\Nicole\Desktop\RootRepeal.rar
[2009/11/15 12:28:34 | 80,483,5328 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/15 11:46:13 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/14 20:07:37 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/14 20:07:37 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/14 20:06:46 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\Nicole\Desktop\Windows Media Player.lnk
[2009/11/14 20:06:28 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Nicole\Application Data\desktop.ini
[2009/11/14 20:06:27 | 01,381,864 | -H-- | C] () -- C:\Documents and Settings\Nicole\Local Settings\Application Data\IconCache.db
[2009/11/14 20:06:26 | 00,000,180 | -HS- | C] () -- C:\Documents and Settings\Nicole\ntuser.ini
[2009/11/14 20:06:25 | 00,786,432 | -H-- | C] () -- C:\Documents and Settings\Nicole\NTUSER.DAT
[2009/11/14 20:05:10 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/14 20:05:09 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 3.job
[2009/11/14 20:05:08 | 00,000,258 | ---- | C] () -- C:\WINDOWS\tasks\Registration reminder 2.job
[2009/11/14 20:05:06 | 00,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Explorer.lnk
[2009/11/14 20:03:20 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2004/08/04 00:35:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/01/13 00:26:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/13 00:17:49 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 00:12:39 | 00,000,076 | ---- | C] () -- C:\WINDOWS\MAGIX.INI
[2004/01/13 00:12:09 | 00,000,072 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2004/01/13 00:11:40 | 00,000,187 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2004/01/13 00:04:05 | 00,001,961 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/13 00:03:23 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/12 20:57:42 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/01/12 20:57:42 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/11/06 13:35:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/06/21 07:17:17 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/06/21 06:53:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/06/21 06:45:09 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/06/21 06:44:59 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/06/21 06:44:45 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/09/17 12:00:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\tsseCryp.dll
[1980/01/01 00:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 00:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 00:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== LOP Check ==========

[2009/11/15 13:56:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/11/15 13:56:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nicole\Application Data\InterTrust
[2002/08/29 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/14 20:05:09 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 2.job
[2009/11/14 20:05:09 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2009/11/16 09:53:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2000/03/09 09:06:00 | 00,028,680 | ---- | M] () -- C:\FLIPART.EXE
[2002/08/29 15:03:06 | 00,006,384 | ---- | M] () -- C:\GETDRIVE.EXE

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2002/08/29 20:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2002/08/29 20:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2002/08/29 20:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
[2002/10/16 17:31:10 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >


OTL Extras logfile created on: 16/11/2009 10:10:41 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Nicole\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

767.48 Mb Total Physical Memory | 598.65 Mb Available Physical Memory | 78.00% Memory free
869.46 Mb Paging File | 759.78 Mb Available in Paging File | 87.39% Paging File free
Paging file location(s): C:\pagefile.sys 144 288 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.27 Gb Total Space | 29.08 Gb Free Space | 90.09% Space Free | Partition Type: NTFS
Drive D: | 157.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SN2527877008
Current User Name: Nicole
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}" = Ulead Photo Explorer 7.0 SE Platinum
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"3Com 3C920B Network drivers_is1" = 3Com 3C920B Network drivers
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Q327979" = Windows XP Hotfix (SP2) Q327979
"q330512" = Windows XP Hotfix (SP2) q330512
"Q330909" = Windows XP Hotfix (SP2) Q330909
"Q331060" = Windows XP Hotfix (SP2) [See Q331060 for more information]
"Q331816" = Windows XP Hotfix (SP2) Q331816
"Q810020" = Windows XP Hotfix (SP2) Q810020
"Q814545" = Windows XP Hotfix (SP2) Q814545
"Q815411" = Windows XP Hotfix (SP2) Q815411
"SLAMRMO" = Aztech CNR2900 V.92 Modem
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/11/2009 8:51:38 PM | Computer Name = SN2527877008 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 14/11/2009 8:51:38 PM | Computer Name = SN2527877008 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 14/11/2009 8:52:47 PM | Computer Name = SN2527877008 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/11/2009 8:52:48 PM | Computer Name = SN2527877008 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 14/11/2009 8:53:02 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 14/11/2009 8:53:02 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 14/11/2009 8:53:02 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7001
Description = The Messenger service depends on the NetBIOS Interface service which
failed to start because of the following error: %%31

Error - 14/11/2009 8:53:02 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 14/11/2009 8:53:02 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 14/11/2009 9:27:37 PM | Computer Name = SN2527877008 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15/11/2009 6:52:05 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 15/11/2009 6:52:05 PM | Computer Name = SN2527877008 | Source = Service Control Manager | ID = 7034
Description = The Machine Debug Manager service terminated unexpectedly. It has
done this 1 time(s).


< End of report >
#2
nmd90 (Topic Starter, New Member, 3 posts)
So... it's been several days now and no response. I am finding it increasingly difficult to resist the temptation of throwing the computers out the window!
Anyway... I managed to get the laptop to stay on long enough to do the Malwarebytes and the RootRepeal scan, however I have not been able to get the logs onto another computer to be able to post them. I tried sending to USB ('USB not recognized'), I tried sending to the CD drive (it won't stay on long enough to get it there), and then I tried sending to the floppy drive (it came up with something about path not specified). When I did the Malwarebytes scan it found 3 items, a malware item and 2 adware things, and it removed them. On the RootRepeal scan, under almost all the items it said hooked by... (something like an IP address). Is this bad? (Sorry I can't post the logs, but I'll keep trying!)
Please help!!