here's the otl scan logs. Computer still redirecting.
OTL Extras logfile created on: 3/10/2010 9:45:59 AM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
607.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 35.00% Memory free
743.00 Mb Paging File | 308.00 Mb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 168 336 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.01 Gb Total Space | 25.22 Gb Free Space | 76.40% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.69 Gb Free Space | 16.38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BARRY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576 -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 2.0 - Photosmart Printer Series
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15BFECE8-A100-4861-B92B-1EFF76683C23}" = Norton Personal Firewall
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{47808F78-F178-49DC-B708-15FE538B16FF}" = iTunes
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6C5D7191-140A-11D6-B5A0-0050DA208A93}" = ArcSoft PhotoImpression
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Pro 2002
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}" = EPSON Photo Print
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B8BC806D-0703-11D4-BB23-006008676AF8}" = Sony Ericsson Communications Suite
"{BB9CC6C0-3D35-45BB-B69A-793D95A343F5}" = PromptCast
"{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1" = MemTurbo 4
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"9A8CE71F-71D5-4555-B355-85481DC99B80" = Excavation from Compaq (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AIMToolbar" = AIM Toolbar
"AOL Instant Messenger" = AOL Instant Messenger
"AVG9Uninstall" = AVG Free 9.0
"BackWeb-1940576 Uninstaller" = Compaq Connections
"Belarc Advisor 2.0" = Belarc Advisor 6.0
"CCleaner" = CCleaner
"Cyber-Detective 9.0_is1" = Cyber-Detective 9.0
"Drempels" = Drempels (remove only)
"ERUNT_is1" = ERUNT 1.1j
"FMS" = FMS
"Hard Disk Tune-Up_is1" = Hard Disk Tune-Up 1.0
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
"InstallShield_{47808F78-F178-49DC-B708-15FE538B16FF}" = iTunes
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Instant Support" = Instant Support
"KeynoteConnector" = Keynote Connector
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSN Music Assistant" = MSN Music Assistant
"MSNMS" = MSN Internet Software
"MWASPI" = MicroStaff WINASPI
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"QWhaleClockScreenSaver" = Clock Screen Saver
"RealPlayer 6.0" = RealPlayer
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"Silent Package Run-Time Sample" = EPSON PERF 1670 Guide
"SpamSubtract" = SpamSubtract
"Tranquil - Waterfalls" = Tranquil - Waterfalls Screen Saver
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"Version 1.1" = Version 1.1
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Controls_is1" = Support.com Web Controls
"WGA" = Windows Genuine Advantage Validation Tool
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"Yahoo! Companion" = Yahoo! Companion
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TMPwpCli" = T-Mobile Secure Mail Connector
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 3/4/2010 9:53:12 PM | Computer Name = BARRY | Source = ESENT | ID = 489
Description = wuauclt (5432) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 3/4/2010 9:53:12 PM | Computer Name = BARRY | Source = ESENT | ID = 455
Description = wuaueng.dll (5432) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 3/4/2010 9:56:20 PM | Computer Name = BARRY | Source = ESENT | ID = 489
Description = wuauclt (188) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 3/4/2010 9:56:20 PM | Computer Name = BARRY | Source = ESENT | ID = 455
Description = wuaueng.dll (188) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 3/4/2010 9:56:33 PM | Computer Name = BARRY | Source = ESENT | ID = 489
Description = wuauclt (188) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 3/4/2010 9:56:33 PM | Computer Name = BARRY | Source = ESENT | ID = 455
Description = wuaueng.dll (188) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 3/4/2010 9:59:39 PM | Computer Name = BARRY | Source = ESENT | ID = 489
Description = wuauclt (4768) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 3/4/2010 9:59:39 PM | Computer Name = BARRY | Source = ESENT | ID = 455
Description = wuaueng.dll (4768) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 3/4/2010 9:59:51 PM | Computer Name = BARRY | Source = ESENT | ID = 489
Description = wuauclt (4768) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 3/4/2010 9:59:51 PM | Computer Name = BARRY | Source = ESENT | ID = 455
Description = wuaueng.dll (4768) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
[ System Events ]
Error - 3/7/2010 8:36:38 PM | Computer Name = BARRY | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.
Error - 3/7/2010 8:39:42 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS2K Imapi
Error - 3/7/2010 9:24:23 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7034
Description = The Softex OmniPass Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/7/2010 9:27:43 PM | Computer Name = BARRY | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.
Error - 3/7/2010 9:30:42 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS2K Imapi
Error - 3/7/2010 9:31:34 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7034
Description = The Softex OmniPass Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/9/2010 1:37:36 PM | Computer Name = BARRY | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.
Error - 3/9/2010 1:40:26 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS2K Imapi
Error - 3/9/2010 1:41:22 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7034
Description = The Softex OmniPass Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 3/9/2010 5:20:21 PM | Computer Name = BARRY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFS2K Imapi
< End of report >
OTL logfile created on: 3/10/2010 9:45:57 AM - Run 1
OTL by OldTimer - Version 3.1.36.0 Folder = C:\
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
607.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 35.00% Memory free
743.00 Mb Paging File | 308.00 Mb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 168 336 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.01 Gb Total Space | 25.22 Gb Free Space | 76.40% Space Free | Partition Type: NTFS
Drive D: | 4.24 Gb Total Space | 0.69 Gb Free Space | 16.38% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BARRY
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2010/02/15 13:05:53 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/15 13:05:50 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/15 13:05:48 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/15 13:05:48 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/15 13:05:38 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/15 13:05:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/25 15:01:30 | 000,441,344 | ---- | M] (Sammsoft) -- C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe
PRC - [2008/12/11 15:38:04 | 002,322,432 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/04 01:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/05/04 15:43:44 | 000,221,184 | ---- | M] (NOPWORLD) -- C:\Program Files\PromptCast\PromptCast.exe
PRC - [2003/10/06 15:19:10 | 000,081,920 | ---- | M] (TeamOn Systems, Inc. ) -- C:\Program Files\TMobile\PwpUpdtr.exe
PRC - [2003/04/10 05:08:25 | 000,016,384 | ---- | M] () -- C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
PRC - [2003/03/21 17:52:06 | 000,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/03/03 14:06:36 | 000,140,536 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\NISUM.EXE
PRC - [2003/03/03 14:05:18 | 000,034,040 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Personal Firewall\CCPXYSVC.EXE
PRC - [2003/02/21 05:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 04:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2002/11/14 00:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2002/10/16 21:20:20 | 000,073,728 | ---- | M] () -- C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
PRC - [2002/06/20 11:21:32 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ========== MOD - [2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
MOD - [2004/08/04 01:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003/04/10 05:08:25 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\temp\IadHide4.dll
========== Win32 Services (SafeList) ========== SRV - [2010/02/15 13:05:38 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/15 13:05:36 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/25 15:01:30 | 000,441,344 | ---- | M] (Sammsoft) [Auto | Running] -- C:\Program Files\Hard Disk Tune-Up\HDTuneUpSrv.exe -- (Hard Disk Tune-Up)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2003/12/02 16:11:14 | 000,099,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2003/03/03 14:06:36 | 000,140,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\NISUM.EXE -- (NISUM)
SRV - [2003/03/03 14:05:18 | 000,034,040 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Personal Firewall\ccPxySvc.exe -- (ccPxySvc)
SRV - [2003/02/21 05:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2002/11/22 13:49:22 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2002/11/14 00:44:02 | 000,317,128 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.comIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost
[2010/03/06 14:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/03/06 14:17:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Search) - {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (Yahoo! Inc.)
O4 - HKCU..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe (NOPWORLD)
O4 - HKCU..\Run: [TeamOnPwpUpdater-TMPwpCli] C:\Program Files\TMobile\PwpUpdtr.exe (TeamOn Systems, Inc. )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Drempels Desktop.lnk = C:\WINDOWS\drempels.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\MemTurbo 4\MemTurbo.exe (SammSoft (
www.sammsoft.com))
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([www] https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
http://usercenter.cox.net/rsuite/sdccom ... gctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0}
http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {50D05FAC-D462-4795-8818-738FCF776FBC}
https://myemail.t-mobile.com/html/web/c ... Client.cab (TMobile PwpClient DwnLdr Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftup ... 3950072293 (MUWebControl Class)
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4}
http://xms.keynote.com/applications/con ... uncher.cab (Keynote Connector Launcher)
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C}
http://www.surveys.com/promptcast/Insta ... 0SETUP.cab (Reg Error: Key error.)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
http://messenger.zone.msn.com/binary/Me ... b31267.cab (MessengerStatsClient Class)
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D}
https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB (BinAg1 Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F}
http://v4.windowsupdate.microsoft.com/C ... 5300231481 (Reg Error: Key error.)
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890}
http://www.pulse3d.com/players/english/ ... 2AxWin.cab (Pulse V5 ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
http://zone.msn.com/binFramework/v10/ZI ... b34246.cab (ZoneIntro Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes
file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | RHS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/04/25 19:54:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)
========== Files/Folders - Created Within 14 Days ========== [2010/03/10 06:41:29 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2010/03/09 11:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/09 11:33:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/09 07:46:16 | 000,000,000 | ---D | C] -- C:\SysProt
[2010/03/07 12:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/03/07 12:24:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/07 12:24:13 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/07 12:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/07 12:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/07 12:23:20 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/06 15:18:34 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/03/06 15:08:57 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2010/03/06 13:55:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/06 13:55:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/06 13:55:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/06 13:55:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/06 13:54:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/06 13:43:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/06 13:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/05 14:09:37 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/02 15:38:48 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/02 14:01:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/02/24 15:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/15 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/15 12:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/15 12:52:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/15 12:52:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/07/09 16:22:15 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2005/02/20 15:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2005/02/20 15:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ========== [2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/10 09:05:04 | 056,963,630 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/10 08:04:12 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/03/09 16:46:10 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\barryndiane ebay (2).url
[2010/03/09 15:21:25 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MemTurbo.lnk
[2010/03/09 15:20:33 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Login.job
[2010/03/09 15:19:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/09 15:19:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/09 15:19:33 | 637,063,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 11:47:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/09 11:35:35 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/03/09 11:35:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/03/09 11:32:55 | 003,883,629 | R--- | M] () -- C:\ComboFix.exe
[2010/03/09 07:50:10 | 000,100,908 | ---- | M] () -- C:\SystemLook.exe
[2010/03/09 07:45:39 | 000,354,396 | ---- | M] () -- C:\SysProt.zip
[2010/03/08 17:41:00 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google.url
[2010/03/08 07:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2010/03/07 12:24:17 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 12:23:34 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/06 15:10:38 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2010/03/06 15:07:02 | 000,154,657 | ---- | M] () -- C:\tdsskiller.zip
[2010/03/06 14:17:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/06 13:43:09 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/03/06 13:43:07 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/03/06 12:28:11 | 000,000,562 | ---- | M] () -- C:\hpfr5550.xml
[2010/03/06 11:18:30 | 000,000,171 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\barryndiane ebay.url
[2010/03/05 14:31:19 | 000,000,333 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MalWare Removal • View topic - Redirected in search engine.url
[2010/03/05 14:10:18 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/02 16:09:57 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\gmer.exe
[2010/03/02 15:38:30 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\RSIT.exe
[2010/02/26 12:23:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/26 11:43:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 15:47:12 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/03/09 07:50:04 | 000,100,908 | ---- | C] () -- C:\SystemLook.exe
[2010/03/09 07:45:38 | 000,354,396 | ---- | C] () -- C:\SysProt.zip
[2010/03/07 19:21:33 | 003,883,629 | R--- | C] () -- C:\ComboFix.exe
[2010/03/07 12:24:17 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 15:07:01 | 000,154,657 | ---- | C] () -- C:\tdsskiller.zip
[2010/03/06 13:55:02 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/06 13:55:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/06 13:55:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/06 13:55:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/06 13:55:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/06 13:43:07 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2010/03/06 13:43:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2010/03/05 14:31:19 | 000,000,333 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MalWare Removal • View topic - Redirected in search engine.url
[2010/03/02 16:09:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\gmer.exe
[2010/03/02 15:38:14 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\RSIT.exe
[2010/02/24 15:47:12 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2005/04/18 15:42:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2005/04/18 15:42:34 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2005/02/12 15:59:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/01/08 03:00:42 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/08 03:00:42 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\C70B12D71A.sys
[2004/10/26 16:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/10/02 17:52:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\KBPiano.ini
[2004/06/04 00:38:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\piclock.INI
[2003/11/26 08:27:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/11/25 08:08:57 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2003/11/24 04:28:26 | 000,000,242 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2003/11/17 20:32:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.tif
[2003/11/17 20:32:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\hpothb07.dat
[2003/11/17 20:21:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.tif
[2003/11/17 20:21:26 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\hpothb07.dat
[2003/11/17 19:33:24 | 000,000,423 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpothb07.dat
[2003/11/17 19:33:23 | 000,000,539 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\hpothb07.tif
[2003/11/07 13:21:39 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/10/24 19:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2003/10/09 17:52:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2003/08/27 20:38:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2003/08/27 20:18:16 | 000,098,304 | R--- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2003/08/27 20:09:00 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2003/08/27 20:09:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2003/08/27 20:06:38 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2003/08/27 20:06:38 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2003/08/27 20:04:11 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 1670.ini
[2003/08/23 23:29:46 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/08/23 22:52:54 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2003/08/23 22:52:54 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2003/08/19 11:01:32 | 000,001,648 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/25 19:11:33 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/04/10 05:33:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/10 05:33:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/10 05:10:20 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/10 05:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/10 05:08:01 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/10 05:07:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 05:00:09 | 000,000,535 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/10 04:59:52 | 000,000,808 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/10 04:53:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 04:36:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/10 04:16:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/10 04:06:11 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/10 04:06:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/10 04:05:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/10 03:53:32 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/10 03:37:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 01:08:18 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 01:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/03/19 17:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/22 13:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2002/05/24 09:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 09:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
========== LOP Check ========== [2010/02/15 13:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/15 13:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2004/12/31 22:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.0.0602
[2005/07/23 12:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/04/12 15:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/02/15 12:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/18 17:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/03/04 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2004/08/31 14:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2003/04/10 04:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/10 04:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2005/04/22 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Keynote Systems
[2003/08/27 20:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/02/13 20:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sammsoft
[2003/04/10 05:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2003/10/15 19:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smart Panel
[2006/02/28 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2003/11/26 13:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/03/08 07:00:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2010/03/09 11:32:55 | 003,883,629 | R--- | M] () -- C:\ComboFix.exe
[2010/03/05 14:10:18 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\fsbl.exe
[2010/03/07 12:23:34 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2010/03/10 09:45:26 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2010/03/09 07:50:10 | 000,100,908 | ---- | M] () -- C:\SystemLook.exe
< MD5 for: AGP440.SYS >[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/04 00:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
[2001/08/17 21:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/08/29 06:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CLASSPNP.SYS >[2002/08/29 06:00:00 | 000,046,336 | ---- | M] (Microsoft Corporation) MD5=4E86B33AFF1A6AF46889CBCF90F0C8F0 -- C:\WINDOWS\$NtServicePackUninstall$\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\dllcache\classpnp.sys
[2004/08/04 00:14:26 | 000,049,664 | ---- | M] (Microsoft Corporation) MD5=D86173B401470F06D9810F7962969DDF -- C:\WINDOWS\system32\drivers\classpnp.sys
< MD5 for: DISK.SYS >[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:disk.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:disk.sys
[2004/08/20 21:18:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\dllcache\disk.sys
[2004/08/03 23:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2002/08/29 06:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) MD5=D1B16340CEACEECBF52340A0CBDF43E1 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
< MD5 for: EVENTLOG.DLL >[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles >[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav >[2003/04/09 20:40:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/09 15:18:13 | 016,777,216 | -HS- | M] () -- C:\WINDOWS\system32\config\ru8knnrb.sav
[2003/04/09 20:40:23 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/04/09 20:40:23 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8A26DAA
< End of report >