Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware reader_sl.exe -bad image errors

Started by OldBearMan , Feb 18 2012 11:53 PM

  • Please log in to reply

#1
OldBearMan
Posted 18 February 2012 - 11:53 PM

OldBearMan

    New Member

  • Member
  • Pip
  • 1 posts
Hello-
WinXP SP3 with reader_sl.exe - bad image error at startup, (after logon). There are other similar errors with '-bad image' depending on app chosen to start. I've downloaded OTL, and what follows are the OTL.txt output

OTL logfile created on: 2/18/2012 11:26:06 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Documents and Settings\schrob1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

427.48 Mb Total Physical Memory | 104.73 Mb Available Physical Memory | 24.50% Memory free
1.36 Gb Paging File | 0.96 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 43.79 Gb Total Space | 12.40 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive Z: | 465.64 Gb Total Space | 50.50 Gb Free Space | 10.84% Space Free | Partition Type: PrlSF

Computer Name: NLAN02-A30P | User Name: schrob1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 23:25:36 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\schrob1\Desktop\OTL.exe
PRC - [2012/01/16 16:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Management\Engine\2.1.0.12\ccSvcHst.exe
PRC - [2011/12/16 19:44:26 | 000,030,472 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
PRC - [2011/12/16 19:41:54 | 000,265,480 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files\Parallels\Parallels Tools\Services\prl_tools.exe
PRC - [2011/12/16 19:41:54 | 000,222,472 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe
PRC - [2011/12/16 19:41:32 | 000,252,168 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- C:\Program Files\Parallels\Parallels Tools\prl_cc.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe
PRC - [2011/10/23 01:15:52 | 000,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004/11/15 18:07:08 | 000,725,113 | ---- | M] (Digi International Inc.) -- C:\WINNT\system32\dgrpencx.exe
PRC - [2004/10/24 23:00:00 | 000,028,672 | ---- | M] (CANON INC.) -- C:\WINNT\system32\CAPM1RSK.EXE
PRC - [2003/11/03 12:47:08 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINNT\system32\gearsec.exe
PRC - [2002/07/11 08:31:56 | 000,045,056 | ---- | M] (DeviceGuys) -- C:\WINNT\system32\spool\drivers\w32x86\3\LMpdpsrv.exe
PRC - [2001/12/06 23:00:00 | 000,098,816 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
PRC - [2001/12/06 23:00:00 | 000,030,208 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
PRC - [2001/07/30 02:05:00 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\QCONSVC.EXE
PRC - [2001/07/20 04:53:22 | 000,160,800 | ---- | M] (Actiontec Electronics, Inc) -- C:\WINNT\system32\AEIWLSTA.exe
PRC - [2001/07/09 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 05:29:32 | 000,816,224 | R--- | M] () -- C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\wincfi39.dll
MOD - [2008/04/19 17:35:02 | 000,081,920 | ---- | M] () -- C:\Program Files\ClamWin\bin\ExpShell.dll
MOD - [2006/05/13 22:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2005/02/08 17:23:10 | 000,979,005 | ---- | M] () -- C:\Program Files\ClamWin\bin\python23.dll
MOD - [2004/11/20 03:27:54 | 000,106,496 | ---- | M] () -- C:\Program Files\ClamWin\lib\shell.pyd
MOD - [2004/11/20 03:27:54 | 000,086,016 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32gui.pyd
MOD - [2004/11/20 03:27:54 | 000,077,824 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32file.pyd
MOD - [2004/11/20 03:27:54 | 000,069,632 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32api.pyd
MOD - [2004/11/20 03:27:54 | 000,065,536 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32security.pyd
MOD - [2004/11/20 03:27:54 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32process.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32pipe.pyd
MOD - [2004/11/20 03:27:54 | 000,024,576 | ---- | M] () -- C:\Program Files\ClamWin\lib\win32event.pyd
MOD - [2004/10/11 20:22:18 | 000,315,392 | ---- | M] () -- C:\Program Files\ClamWin\lib\pythoncom23.dll
MOD - [2004/10/11 20:21:26 | 000,094,208 | ---- | M] () -- C:\Program Files\ClamWin\lib\pywintypes23.dll
MOD - [2004/05/25 21:20:30 | 000,036,864 | ---- | M] () -- C:\Program Files\ClamWin\lib\_winreg.pyd
MOD - [2004/05/25 21:19:32 | 000,045,117 | ---- | M] () -- C:\Program Files\ClamWin\lib\datetime.pyd
MOD - [2004/05/25 21:18:42 | 000,495,616 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ssl.pyd
MOD - [2004/05/25 21:18:28 | 000,057,401 | ---- | M] () -- C:\Program Files\ClamWin\lib\_sre.pyd
MOD - [2004/05/25 21:18:20 | 000,049,212 | ---- | M] () -- C:\Program Files\ClamWin\lib\_socket.pyd
MOD - [2004/05/25 21:17:14 | 000,622,651 | ---- | M] () -- C:\Program Files\ClamWin\lib\_bsddb.pyd
MOD - [2004/01/15 14:45:22 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\_ctypes.pyd
MOD - [2003/10/01 13:40:00 | 002,240,512 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxc.pyd
MOD - [2003/10/01 11:43:02 | 003,239,936 | ---- | M] () -- C:\Program Files\ClamWin\lib\wxmsw24h.dll
MOD - [2003/08/10 09:14:40 | 000,061,440 | ---- | M] () -- C:\Program Files\ClamWin\lib\mxDateTime.pyd
MOD - [2002/11/26 12:43:18 | 000,106,496 | ---- | M] () -- C:\WINNT\system32\BrMuSNMP.dll
MOD - [2001/07/30 02:05:00 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\QCONSVC.EXE
MOD - [2001/07/09 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (.NET Connection Service)
SRV - [2012/01/16 16:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Management\Engine\2.1.0.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2011/12/16 19:44:26 | 000,030,472 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe -- (Parallels Coherence Service)
SRV - [2011/12/16 19:41:54 | 000,222,472 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Auto | Running] -- C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe -- (Parallels Tools Service)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Online\Engine\2.3.0.7\ccSvcHst.exe -- (NOF)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe -- (N360)
SRV - [2008/07/22 09:11:45 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/04/13 18:12:38 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2004/11/15 18:07:08 | 000,725,113 | ---- | M] (Digi International Inc.) [Auto | Running] -- C:\WINNT\system32\dgrpencx.exe -- (DgRpEncx)
SRV - [2003/11/03 12:47:08 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINNT\system32\gearsec.exe -- (GEARSecurity)
SRV - [2001/07/30 02:05:00 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\QCONSVC.EXE -- (QCONSVC)


========== Driver Services (SafeList) ==========

DRV - [2012/02/16 12:05:33 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/15 16:29:26 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120217.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/02/15 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120217.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/15 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/15 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120217.036\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/16 19:42:00 | 000,025,352 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\prl_vamp.sys -- (prl_va)
DRV - [2011/12/16 19:41:52 | 000,015,752 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\prl_time.sys -- (prl_time)
DRV - [2011/12/16 19:41:50 | 000,032,008 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\prl_strg.sys -- (prl_strg)
DRV - [2011/12/16 19:41:50 | 000,023,432 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\prl_tg.sys -- (prl_tg)
DRV - [2011/12/16 19:41:48 | 000,033,544 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\prl_sound.sys -- (prl_sound)
DRV - [2011/12/16 19:41:44 | 000,051,464 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\prl_pv32.sys -- (prl_pv32)
DRV - [2011/12/16 19:41:38 | 000,016,776 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\prl_mouf.sys -- (prl_mouf)
DRV - [2011/12/16 19:41:34 | 000,153,864 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [File_System | System | Running] -- C:\WINNT\system32\drivers\prl_fs.sys -- (prl_fs)
DRV - [2011/12/16 19:41:32 | 000,018,696 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\prl_eth5.sys -- (prl_eth5)
DRV - [2011/12/16 19:41:30 | 000,038,024 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\prl_boot.sys -- (prl_boot)
DRV - [2011/11/29 09:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\MCLIENT\0201000.00C\ccSetx86.sys -- (ccSet_MCLIENT)
DRV - [2011/11/28 22:48:55 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 20:23:47 | 000,905,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 19:50:26 | 000,574,584 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINNT\system32\drivers\N360\0600010.002\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 19:50:26 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 21:38:00 | 000,197,624 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\NSM\0203000.011\SymRdr.SYS -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV - [2011/11/16 21:37:59 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/11/16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 17:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\NOF\0203000.007\ccSetx86.sys -- (ccSet_NOF)
DRV - [2011/11/04 17:59:35 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\ccSetx86.sys -- (ccSet_N360)
DRV - [2011/08/16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\N360\0600010.002\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 13:14:21 | 000,063,744 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINNT\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/01/30 15:51:21 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/12/27 21:23:10 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINNT\system32\drivers\NEOFLTR_600_12507.sys -- (NEOFLTR_600_12507) Juniper Networks TDI Filter Driver (NEOFLTR_600_12507)
DRV - [2007/12/03 14:04:48 | 000,015,232 | ---- | M] (Parallels Software International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\pcitg.sys -- (PCITG)
DRV - [2007/04/30 10:58:36 | 000,027,648 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2004/11/15 18:06:32 | 000,099,937 | ---- | M] (Digi International Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\digirlpt.sys -- (DIGIRPS)
DRV - [2004/11/11 13:40:30 | 000,013,696 | ---- | M] (Serenity Systems International) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\svspth.sys -- (svspth)
DRV - [2004/11/11 13:40:30 | 000,011,104 | ---- | M] (Serenity Systems International) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\svs.sys -- (svs)
DRV - [2004/11/11 13:37:26 | 000,007,456 | ---- | M] (Serenity Systems International) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\svsnet.sys -- (svsnet)
DRV - [2004/08/03 23:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/26 12:36:08 | 000,316,192 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2001/12/06 23:00:00 | 000,022,912 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\WINNT\system32\drivers\CAPM1LP.SYS -- (RapidPortM1)
DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)
DRV - [2001/07/30 02:05:00 | 000,002,295 | ---- | M] () [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2001/07/26 02:21:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2001/07/26 02:21:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2001/07/26 02:21:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2001/07/20 04:45:40 | 000,048,912 | ---- | M] (Actiontec Electronics, Inc) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\AEIWLNDS.sys -- (AEIWL)
DRV - [2001/05/21 13:21:14 | 000,055,712 | ---- | M] (Cirrus Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\cwawdm.sys -- (cs429x)
DRV - [2001/04/11 10:29:50 | 000,101,557 | ---- | M] (Philips Semiconductors) [Kernel | Auto | Stopped] -- C:\WINNT\system32\drivers\Phildec.sys -- (PhilDec)
DRV - [2000/03/09 19:24:42 | 000,007,196 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\V7.SYS -- (V7)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 96 B2 94 88 ED CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.3.0.17\coFFFw\ [2012/02/18 23:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/02/16 12:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/02/18 23:12:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/16 10:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/01/09 08:06:19 | 000,000,000 | ---D | M]

[2005/06/22 18:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\schrob1\Application Data\Mozilla\Firefox\Profiles\207thdhk.default\extensions
[2005/06/22 18:37:49 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\schrob1\Application Data\Mozilla\Firefox\Profiles\207thdhk.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/16 10:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/03/30 16:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions
[2007/03/30 16:05:34 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/15 17:26:00 | 000,094,208 | ---- | M] () -- C:\Program Files\mozilla firefox\components\BrandRes.dll
[2012/02/08 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/09/15 17:26:00 | 000,150,912 | ---- | M] (Full Circle Software, Inc.) -- C:\Program Files\mozilla firefox\components\fullsoft.dll
[2005/09/15 17:26:00 | 000,041,573 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/15 17:26:00 | 000,048,223 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/09/15 17:26:00 | 000,008,813 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\qfaservices.dll
[2005/09/15 17:26:00 | 000,160,871 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/08/30 09:34:03 | 000,034,384 | ---- | M] (WebEx) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2007/08/30 09:34:03 | 000,094,872 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2007/08/30 09:34:01 | 000,051,792 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2005/09/15 17:26:00 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2005/09/15 17:26:00 | 000,000,735 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2012/02/08 11:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2005/09/15 17:26:00 | 000,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2005/09/15 17:26:00 | 000,000,976 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2005/09/15 17:26:00 | 000,000,557 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.png
[2005/09/15 17:26:00 | 000,000,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dictionary.src
[2005/09/15 17:26:00 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2005/09/15 17:26:00 | 000,001,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2005/09/15 17:26:00 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2008/12/04 08:56:38 | 000,000,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2012/02/08 11:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2005/09/15 17:26:00 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/09/15 17:26:00 | 000,001,098 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: ([2012/02/15 22:46:48 | 000,000,804 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 .psf
O1 - Hosts: 0.0.0.0 psf
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.0.1.2\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Safety Minder BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.17\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.0.1.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AEIWLSTA.EXE] C:\WINNT\System32\AEIWLSTA.exe (Actiontec Electronics, Inc)
O4 - HKLM..\Run: [AtiPTA] C:\WINNT\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IExplorer] C:\WINDOWS\system32\explorer.exe File not found
O4 - HKLM..\Run: [LMPDPSRV] C:\WINNT\system32\spool\drivers\w32x86\3\LMpdpsrv.exe (DeviceGuys)
O4 - HKLM..\Run: [Parallels Tools Center] C:\Program Files\Parallels\Parallels Tools\prl_cc.exe (Parallels Holdings, Ltd. and its affiliates.)
O4 - HKLM..\Run: [taskmgr] C:\WINNT\system32\explorer.exe File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon PC1200 iC D600 iR1200G Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} http://cybernetman.c...sses/CFJava.cab (CFForm Runtime)
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} http://10.104.5.4/ggw-activex.cab (IEGCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} http://10.0.5.93/CSViewer.cab (CSViewer Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BC1F6DB-836E-4BF7-92A4-0B3BAA2CC073}: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{535966DE-BBB5-4D56-906F-43B388D6814D}: DhcpNameServer = 10.0.0.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA467C82-B825-43E1-A6EF-2A048A1F18FC}: DhcpNameServer = 10.211.55.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD38CAB-CC39-4CCC-B7EB-6723BCBE68AB}: DhcpNameServer = 192.168.0.1 205.171.3.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/14 14:59:26 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{149d3972-7752-11da-a5bf-0020e08ab148}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 23:25:35 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\schrob1\Desktop\OTL.exe
[2012/02/18 21:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/16 12:05:10 | 000,905,336 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\SymEFA.sys
[2012/02/16 12:05:10 | 000,574,584 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\srtsp.sys
[2012/02/16 12:05:10 | 000,388,216 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\symtdi.sys
[2012/02/16 12:05:10 | 000,345,208 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\symtdiv.sys
[2012/02/16 12:05:10 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\SymDS.sys
[2012/02/16 12:05:10 | 000,318,584 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\symnets.sys
[2012/02/16 12:05:10 | 000,149,624 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\Ironx86.sys
[2012/02/16 12:05:10 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\ccSetx86.sys
[2012/02/16 12:05:10 | 000,032,888 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\N360\0600010.002\srtspx.sys
[2012/02/16 12:04:49 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\N360
[2012/02/16 12:04:49 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\N360\0600010.002
[2012/02/16 12:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/02/16 12:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2012/02/16 11:51:26 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2012/02/16 11:51:26 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2012/02/16 11:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/16 11:51:18 | 000,197,624 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NSM\0203000.011\symrdr.sys
[2012/02/16 11:51:12 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NSM
[2012/02/16 11:51:12 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NSM\0203000.011
[2012/02/16 11:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Safety Minder
[2012/02/16 11:51:04 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\NOF\0203000.007\ccSetx86.sys
[2012/02/16 11:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Online
[2012/02/16 11:51:03 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NOF
[2012/02/16 11:51:03 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\NOF\0203000.007
[2012/02/16 11:45:57 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C\ccSetx86.sys
[2012/02/16 11:45:52 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\MCLIENT
[2012/02/16 11:45:52 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C
[2012/02/16 11:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Management
[2012/02/16 11:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Management
[2012/02/16 11:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/16 11:45:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/02/16 11:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\schrob1\Start Menu\Programs\Norton
[2012/02/16 11:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2012/02/16 03:16:20 | 000,000,000 | -H-D | C] -- C:\WINNT\ie8
[2012/02/16 02:31:15 | 000,000,000 | ---D | C] -- C:\WINNT\Options
[2012/02/16 00:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/02/16 00:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\schrob1\Local Settings\Application Data\PackageAware
[2012/02/16 00:45:21 | 007,253,080 | ---- | C] (Uniblue Systems Ltd ) -- C:\Documents and Settings\schrob1\Desktop\registrybooster.exe
[2012/02/16 00:11:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\schrob1\IECompatCache
[2012/02/16 00:10:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\schrob1\PrivacIE
[2012/02/15 23:55:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\schrob1\IETldCache
[2012/02/15 23:48:12 | 000,000,000 | ---D | C] -- C:\WINNT\ie8updates
[2012/02/15 22:54:21 | 010,337,536 | ---- | C] (alch ) -- C:\Documents and Settings\schrob1\Desktop\clamwin-0.97.3-setup-nodb.exe
[2012/02/15 22:52:21 | 000,032,008 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_strg.sys
[2012/02/15 22:52:03 | 000,033,544 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_sound.sys
[2012/02/15 22:51:50 | 000,023,432 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_tg.sys
[2012/02/15 22:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\schrob1\Start Menu\Programs\Parallels Shared Applications
[2012/02/15 22:51:38 | 000,018,696 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_eth5.sys
[2012/02/15 22:51:29 | 000,189,440 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\prl_gl.dll
[2012/02/15 22:51:29 | 000,188,680 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\prl_vadd.dll
[2012/02/15 22:51:29 | 000,025,352 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_vamp.sys
[2012/02/15 22:51:18 | 000,016,776 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_mouf.sys
[2012/02/15 22:50:48 | 000,015,752 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_time.sys
[2012/02/15 22:48:38 | 000,051,464 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- C:\WINNT\System32\drivers\prl_pv32.sys
[2012/02/15 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Parallels
[2012/02/15 22:15:33 | 000,000,000 | ---D | C] -- C:\933b4274df22c5d5b61d16df
[2012/02/15 22:12:07 | 000,000,000 | ---D | C] -- C:\WINNT\Logs
[7 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 23:27:00 | 000,000,480 | ---- | M] () -- C:\WINNT\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2012/02/18 23:25:36 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\schrob1\Desktop\OTL.exe
[2012/02/18 23:12:41 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012/02/18 23:10:42 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012/02/18 23:05:52 | 000,799,594 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0600010.002\Cat.DB
[2012/02/18 22:48:59 | 000,000,314 | ---- | M] () -- C:\WINNT\tasks\BMMTask.job
[2012/02/18 22:34:31 | 000,246,312 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012/02/18 21:25:41 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\schrob1\Desktop\fix.reg
[2012/02/18 21:24:10 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\schrob1\fix.reg
[2012/02/18 15:51:44 | 000,000,422 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{E326C98F-0B99-4D29-B040-7DEBA9AA38F2}.job
[2012/02/17 07:16:10 | 000,001,374 | ---- | M] () -- C:\WINNT\imsins.BAK
[2012/02/16 17:55:36 | 000,032,320 | ---- | M] () -- C:\Documents and Settings\schrob1\Desktop\transaction2011.pdf
[2012/02/16 17:49:08 | 000,000,505 | ---- | M] () -- C:\WINNT\brwmark.ini
[2012/02/16 17:49:08 | 000,000,079 | ---- | M] () -- C:\WINNT\BRPP2KA.INI
[2012/02/16 17:39:11 | 000,000,775 | ---- | M] () -- C:\WINNT\Brpfx04a.ini
[2012/02/16 13:14:07 | 000,004,782 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0600010.002\VT20111023.022
[2012/02/16 12:11:34 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\schrob1\Desktop\Norton Installation Files.lnk
[2012/02/16 12:09:13 | 268,435,456 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2012/02/16 12:05:33 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2012/02/16 12:05:33 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2012/02/16 12:05:33 | 000,007,468 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2012/02/16 12:05:33 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2012/02/16 12:05:29 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2012/02/16 11:51:23 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Online Family.lnk
[2012/02/16 10:57:44 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\schrob1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/16 10:57:44 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/02/16 03:36:46 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\schrob1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/16 02:20:10 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\schrob1\Desktop\register_uniblue_product-1.reg
[2012/02/16 02:12:47 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\schrob1\Desktop\register_uniblue_product.reg
[2012/02/16 00:45:19 | 007,253,080 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\schrob1\Desktop\registrybooster.exe
[2012/02/15 23:56:33 | 000,387,418 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012/02/15 23:56:33 | 000,055,728 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012/02/15 22:56:11 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ClamWin Antivirus.lnk
[2012/02/15 22:54:17 | 010,337,536 | ---- | M] (alch ) -- C:\Documents and Settings\schrob1\Desktop\clamwin-0.97.3-setup-nodb.exe
[2012/02/15 22:52:37 | 000,002,520 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/02/15 22:46:48 | 000,000,804 | ---- | M] () -- C:\WINNT\System32\drivers\etc\Hosts
[2012/02/13 07:10:28 | 000,000,172 | ---- | M] () -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C\isolate.ini
[2012/02/07 01:47:46 | 000,000,172 | ---- | M] () -- C:\WINNT\System32\drivers\N360\0600010.002\isolate.ini
[7 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 21:25:41 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\schrob1\Desktop\fix.reg
[2012/02/18 21:24:10 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\schrob1\fix.reg
[2012/02/16 17:55:35 | 000,032,320 | ---- | C] () -- C:\Documents and Settings\schrob1\Desktop\transaction2011.pdf
[2012/02/16 13:14:31 | 000,004,782 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\VT20111023.022
[2012/02/16 12:05:35 | 000,799,594 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\Cat.DB
[2012/02/16 12:05:29 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2012/02/16 12:04:49 | 000,007,877 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\symnetv.cat
[2012/02/16 12:04:49 | 000,007,492 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymDS.cat
[2012/02/16 12:04:49 | 000,007,468 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\ccSetx86.cat
[2012/02/16 12:04:49 | 000,007,458 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymNet.cat
[2012/02/16 12:04:49 | 000,007,456 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymEFA.cat
[2012/02/16 12:04:49 | 000,007,454 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\srtspx.cat
[2012/02/16 12:04:49 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\srtsp.cat
[2012/02/16 12:04:49 | 000,007,450 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\iron.cat
[2012/02/16 12:04:49 | 000,004,782 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymVTcer.dat
[2012/02/16 12:04:49 | 000,003,434 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymEFA.inf
[2012/02/16 12:04:49 | 000,002,852 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymDS.inf
[2012/02/16 12:04:49 | 000,001,469 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymNetV.inf
[2012/02/16 12:04:49 | 000,001,441 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\SymNet.inf
[2012/02/16 12:04:49 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\srtspx.inf
[2012/02/16 12:04:49 | 000,001,389 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\srtsp.inf
[2012/02/16 12:04:49 | 000,000,827 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\ccSetx86.inf
[2012/02/16 12:04:49 | 000,000,742 | R--- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\Iron.inf
[2012/02/16 12:04:49 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\N360\0600010.002\isolate.ini
[2012/02/16 11:54:49 | 000,000,480 | ---- | C] () -- C:\WINNT\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2012/02/16 11:51:26 | 000,007,468 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2012/02/16 11:51:26 | 000,000,806 | ---- | C] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2012/02/16 11:51:23 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Online Family.lnk
[2012/02/16 11:51:12 | 000,001,482 | R--- | C] () -- C:\WINNT\System32\drivers\NSM\0203000.011\SymRdr.inf
[2012/02/16 11:51:12 | 000,001,106 | R--- | C] () -- C:\WINNT\System32\drivers\NSM\0203000.011\symrdr.cat
[2012/02/16 11:51:03 | 000,007,468 | R--- | C] () -- C:\WINNT\System32\drivers\NOF\0203000.007\ccSetx86.cat
[2012/02/16 11:51:03 | 000,000,827 | R--- | C] () -- C:\WINNT\System32\drivers\NOF\0203000.007\ccSetx86.inf
[2012/02/16 11:51:03 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\NOF\0203000.007\isolate.ini
[2012/02/16 11:45:52 | 000,007,468 | R--- | C] () -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C\ccSetx86.cat
[2012/02/16 11:45:52 | 000,000,827 | R--- | C] () -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C\ccSetx86.inf
[2012/02/16 11:45:52 | 000,000,172 | ---- | C] () -- C:\WINNT\System32\drivers\MCLIENT\0201000.00C\isolate.ini
[2012/02/16 11:45:17 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\schrob1\Desktop\Norton Installation Files.lnk
[2012/02/16 10:57:44 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/16 03:25:45 | 000,000,422 | -H-- | C] () -- C:\WINNT\tasks\User_Feed_Synchronization-{E326C98F-0B99-4D29-B040-7DEBA9AA38F2}.job
[2012/02/16 02:42:09 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/02/16 02:20:19 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\schrob1\Desktop\register_uniblue_product-1.reg
[2012/02/16 02:13:00 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\schrob1\Desktop\register_uniblue_product.reg
[2012/02/15 22:50:39 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2012/02/15 22:50:39 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\dllcache\iacenc.dll
[2005/07/22 22:24:30 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\schrob1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/04 18:05:08 | 000,000,268 | ---- | C] () -- C:\Documents and Settings\schrob1\Application Data\LMCPaper.dat
[2005/02/04 16:05:59 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\LMLayout.dat
[2005/02/03 22:24:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\schrob1\Local Settings\Application Data\fusioncache.dat
[2004/10/30 08:50:18 | 000,003,932 | ---- | C] () -- C:\Documents and Settings\schrob1\Application Data\LMLayout.dat
[2002/02/23 06:23:00 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

========== LOP Check ==========

[2006/12/18 19:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2002/02/23 06:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGI
[2009/01/17 13:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2006/10/05 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/10/14 11:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2012/02/18 21:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2007/10/15 06:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\Citrix
[2008/01/31 09:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\ICAClient
[2008/03/31 07:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\Juniper Networks
[2008/12/20 14:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\OpenOffice.org
[2012/02/15 22:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\Parallels
[2008/11/15 16:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\ScanSoft
[2004/10/06 19:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\schrob1\Application Data\Thunderbird
[2012/02/18 23:27:00 | 000,000,480 | ---- | M] () -- C:\WINNT\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2012/02/18 22:48:59 | 000,000,314 | ---- | M] () -- C:\WINNT\Tasks\BMMTask.job
[2012/02/18 15:51:44 | 000,000,422 | -H-- | M] () -- C:\WINNT\Tasks\User_Feed_Synchronization-{E326C98F-0B99-4D29-B040-7DEBA9AA38F2}.job

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   94.68KB   98 downloads

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP