BleepingComputer.com: Infected with Atapi.sys virus, plus a large number of quarantined viruses

You can delete all those things manually, but they should dissapear after doing the OTL cleanup.

That is my worry; I did the OTL cleanup, but all those items did not disappear. Perhaps I did it wrong? Should I re-download OTL and try again?

Thank you very much for the help.

No need to, just delete those things manually

Alright, I manually deleted the tools (Malwarebytes, DDS, RootkitRepeal, GMER logs, ESETScan, etc.). Then I did as you said for hiding hidden folders and files.

But before creating a system restore point, I worry about the fact that the atapi.sys virus may still be active on my machine. The anti-virus programs seems to pop up once every 1-2 days reminding me about the quarantined viruses. It says it cannot delete them, and one of them (atapi.sys) it was apparently unable to quarantine at all. It simply says "left alone."

I therefore worry that if I create a restore point, the restore point will have an active virus in it.

Do you have any suggestion? Thank you very much for all the help.

This version of atapi.sys is in the Quarantine folder from CF, which you should delete manually, so I really don't understand the problem

Sorry; I still see the atapi listed in Symantec as "left alone," but perhaps it is now deleted?

My remaining difficulty was wondering why the quarantined viruses cannot be deleted.

Some of them came from that Combofix (Qoobox) file, but others do not, e.g. a rootkit called "diskmgr.sys" located at: C:\WINDOWS\system32\, or other viruses titled "votojoye.dll," "yeyozoda.dll," "nehozipa.dll," etc.

The system was not able to clean these viruses, but instead quarantined them, and usually once per day it has a message asking me to clean them. But its attempt to clean it has so far always failed, so I am wondering if there is a way to get rid of them permanently. I had thought the use of OTL, Combofix, etc. would delete all these quarantined viruses.

Is there any way to be sure I have deleted all components of Combofix? Was it sufficient to delete the icon on the desktop, or is there some other file to be deleted?


Thank you very much for the help, and apologies for the confusion. I hope I have explained it better.

This seems to be old entries in your symantec. Please delete Combofix from your desktop and C:\Qoobox if present. Then everything is gone .

I deleted Combofix from the desktop, but did not see any C://Qoobox. Should I simply ignore the daily message from Symantec asking about deleting the quarantined viruses?

I created the system restore point as directed.

I also tried to get some of the updates and directions you suggested in the message where you wrote about practicing "safe Internet." If you might have time to answer what will hopefully be my last questions, I very much appreciate it. If not, thank you sincerely for all the help:

1. Regarding the Secunia Software scan, which tells which programs may be at risk, they suggest a number of executable files (Real Player, Java, etc.). I was wondering if it is safe to download these .exe files, since you seemed to indicate caution lest an .exe file have another virus. Also, although I already updated Java, for instance (this seems to be important for protecting against malware), the Secunia scan tells me it is out of date. Is it possible that the scan is inaccurate, or did I do something wrong perhaps?

2. Despite deleting all the tools, Combofix, OTL, etc., those quarantined viruses are still there, and Symantec keeps saying that it cannot delete them. Even though they are quarantined, and hopefully cannot further infect the system, is there any way to permanently delete them?

Thank you very much again for the help.

Please tell me where Symantec detects those entries.

I cannot see the full file names, but here are a few locations:

1. Backdoor.Trojan in: C:\autoexec.exe

2. JS.SecurityToolFraud.B in: C:\Documents and Settings\Michael O'Halloran\Local Settings\Application Data\Mozilla\Firefox\Profiles\8qq85l1q.default\Cache\

3. C:\WINDOWS\system32\yihazuso... (there are numerous others like this with strange names, e.g. C:\WINDOWS\system32\yeyozoda..., C:\WINDOWS\system32\pamukuhu..., C:\WINDOWS\system32\votojoye..., etc.)

4. Hacktool.Rootkit in: C:\WINDOWS\system32\diskmgr...

5. C:\Qoobox\Quarantine\C\WINDOWS\system32\ (there are numerous ones like this which show up also, although I thought I deleted Combofix).

Thank you very much for the help.

This post has been edited by mike8387: 13 February 2010 - 01:37 PM

Ok, let's do this:


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

When finished, it will produce a report for you.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Hello,

I tried again to disable Symantec Antivirus, but despite having done so (or so it seemed), Combofix again told me that it was still running. I did not disable the Windows Firewall, but I was not sure if this was necessary.

I also had already created a system restore point, received various updates, and re-hidden the files and folders (having assumed that the machine was more or less clean, I started to implement those steps you had written earlier). I hope this did not make a difference.

Here is the log:

ComboFix 10-02-12.01 - Michael O'Halloran 02/13/2010 20:54:53.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.456 [GMT -5:00]
Running from: c:\documents and settings\Michael O'Halloran\Desktop\schrauber.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-12 01:21 . 2010-02-12 01:20 38784 ----a-w- c:\documents and settings\Michael O'Halloran\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-12 01:20 . 2010-02-12 01:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 00:43 . 2010-02-12 00:43 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-12 00:43 . 2010-02-12 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-12 00:26 . 2010-02-12 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-11 23:51 . 2010-02-11 23:51 -------- d-sh--w- c:\documents and settings\Michael O'Halloran\IECompatCache
2010-02-11 23:51 . 2010-02-11 23:51 -------- d-sh--w- c:\documents and settings\Michael O'Halloran\PrivacIE
2010-02-11 16:07 . 2010-02-11 16:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-11 15:42 . 2010-02-11 15:42 -------- d-----w- c:\windows\system32\scripting
2010-02-11 15:42 . 2010-02-11 15:42 -------- d-----w- c:\windows\l2schemas
2010-02-11 15:42 . 2010-02-11 15:42 -------- d-----w- c:\windows\system32\en
2010-02-11 15:42 . 2010-02-11 15:42 -------- d-----w- c:\windows\system32\bits
2010-02-11 15:28 . 2010-02-11 15:28 -------- d-----w- c:\windows\EHome
2010-02-11 05:50 . 2010-02-11 05:50 -------- d-sh--w- c:\documents and settings\Michael O'Halloran\IETldCache
2010-02-11 05:43 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-11 05:42 . 2010-02-11 05:42 -------- d-----w- c:\windows\ie8updates
2010-02-11 05:41 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-11 05:41 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-11 05:38 . 2010-02-11 05:40 -------- dc-h--w- c:\windows\ie8
2010-02-11 05:23 . 2010-02-12 00:26 152576 ----a-w- c:\documents and settings\Michael O'Halloran\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-01 06:06 . 2010-02-01 06:06 -------- d-----w- c:\documents and settings\Michael O'Halloran\Application Data\Malwarebytes
2010-02-01 06:06 . 2010-02-01 06:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-01 06:06 . 2010-02-09 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 01:04 . 2010-01-18 06:09 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-18 01:04 . 2010-01-18 06:09 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-17 18:13 . 2010-01-17 18:13 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-17 17:59 . 2010-01-18 05:25 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-17 17:59 . 2010-01-18 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-17 17:55 . 2010-01-17 17:55 -------- d-----w- c:\documents and settings\Michael O'Halloran\Local Settings\Application Data\Downloaded Installations
2010-01-17 05:33 . 2010-01-19 01:52 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 01:52 . 2005-11-22 17:46 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-12 00:49 . 2005-10-20 03:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-11 15:45 . 2004-08-07 13:10 82791 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-11 15:10 . 2005-04-29 12:33 -------- d-----w- c:\program files\Java
2010-02-11 05:23 . 2009-11-29 04:31 79488 ----a-w- c:\documents and settings\Michael O'Halloran\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-24 00:45 . 2009-09-25 20:38 -------- d-----w- c:\documents and settings\Michael O'Halloran\Application Data\HpUpdate
2010-01-18 06:09 . 2010-01-18 01:04 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-18 06:09 . 2010-01-18 01:04 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-31 16:50 . 2004-08-04 08:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 08:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 08:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 08:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 08:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 08:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 08:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 08:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 08:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 08:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51 . 2004-08-04 08:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-19 180269]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-03 124232]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 10:18 AM 200192]
S3 diskmgr;diskmgr;\??\c:\windows\system32\diskmgr.sys --> c:\windows\system32\diskmgr.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/2/2004 7:36 PM 173392]
.
Contents of the 'Scheduled Tasks' folder

2010-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-02 c:\windows\Tasks\HP DArC Task 2004-05-12 09:44ewlett-PackardHewlett-Packard Companyeskjet3600----a-w-H467182476B.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2004-05-12 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Michael O'Halloran\Application Data\Mozilla\Firefox\Profiles\8qq85l1q.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????0?6?2?4??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-13 21:03:04
ComboFix-quarantined-files.txt 2010-02-14 02:02

Pre-Run: 43,222,114,304 bytes free
Post-Run: 43,203,588,096 bytes free

- - End Of File - - 3A0CFDB61B7E5CFF02A73AAA6E0325A3

This post has been edited by mike8387: 13 February 2010 - 09:12 PM

Hi,

Please download OTL again, set the time up to 90 days and hit the run scan button, post back with the content of the 2 logfiles.

Hello,

I will post first here the OTL.txt. Thank you very much for the help:

OTL logfile created on: 2/15/2010 12:08:18 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Michael O'Halloran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.97 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAELO
Current User Name: Michael O'Halloran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/15 00:07:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael O'Halloran\Desktop\OTL.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/08 14:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/19 17:21:58 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/04/11 12:00:00 | 000,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/04/11 08:31:26 | 000,360,448 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/04/01 17:11:14 | 000,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2005/03/04 14:16:18 | 000,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\Shared\hpqwmi.exe
PRC - [2005/02/22 18:32:14 | 000,038,912 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/02/02 07:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/02 07:11:12 | 000,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2004/12/03 15:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/08/02 19:36:40 | 000,124,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/02 19:36:32 | 001,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/08/02 19:36:26 | 000,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/05/12 14:18:56 | 000,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\hpcoretech\hpcmpmgr.exe
PRC - [2003/09/01 06:42:50 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe


========== Modules (SafeList) ==========

MOD - [2010/02/15 00:07:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael O'Halloran\Desktop\OTL.exe
MOD - [2005/02/02 07:12:14 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2005/04/11 08:31:26 | 000,360,448 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/03/04 14:16:18 | 000,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\HPQ\Shared\hpqwmi.exe -- (hpqwmi)
SRV - [2005/02/22 18:32:14 | 000,038,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2004/08/02 19:36:36 | 000,173,392 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2004/08/02 19:36:32 | 001,267,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2004/08/02 19:36:26 | 000,030,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2004/07/15 03:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/02/13 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100213.008\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/13 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100213.008\NAVENG.SYS -- (NAVENG)
DRV - [2008/04/15 03:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/04/11 08:33:52 | 001,035,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/16 07:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/03/03 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/18 10:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/18 10:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/02/02 06:58:58 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/01/26 04:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/01/18 11:52:16 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/12/15 10:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 10:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 10:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/11 18:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 03:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/14 09:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/03/22 18:16:26 | 000,338,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2004/03/17 06:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2003/06/06 13:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/11 19:07:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/12 09:55:50 | 000,000,000 | ---D | M]

[2008/08/26 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael O'Halloran\Application Data\Mozilla\Extensions
[2010/02/12 09:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael O'Halloran\Application Data\Mozilla\Firefox\Profiles\8qq85l1q.default\extensions
[2010/02/11 19:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/31 21:29:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/01/30 18:46:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1130081505343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\Hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael O'Halloran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael O'Halloran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/02/15 00:07:40 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael O'Halloran\Desktop\OTL.exe
[2010/02/13 20:54:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 20:54:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 20:54:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 20:54:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 20:53:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/11 20:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/11 19:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/11 19:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/02/11 19:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/11 19:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/02/11 19:06:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/11 18:51:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael O'Halloran\IECompatCache
[2010/02/11 18:51:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael O'Halloran\PrivacIE
[2010/02/11 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/11 10:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/11 10:42:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/02/11 10:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/11 10:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/02/11 10:28:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/02/11 10:28:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/02/11 00:50:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Michael O'Halloran\IETldCache
[2010/02/11 00:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/11 00:38:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/11 00:26:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/11 00:26:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/11 00:26:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/01 01:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael O'Halloran\Application Data\Malwarebytes
[2010/02/01 01:06:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/01 01:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/19 18:03:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/17 13:59:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/17 12:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/17 12:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/01/17 12:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael O'Halloran\Local Settings\Application Data\Downloaded Installations
[2010/01/17 00:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/01/13 12:04:04 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/16 13:43:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 02:08:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/08 04:23:28 | 000,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/11/30 22:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael O'Halloran\My Documents\Downloads
[2009/11/27 12:11:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 11:37:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 11:37:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 11:07:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 11:07:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2008/09/18 21:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/07/10 16:52:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/13 14:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/01/14 20:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/11/22 12:26:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/11/19 15:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[6 C:\Documents and Settings\Michael O'Halloran\My Documents\*.tmp files -> C:\Documents and Settings\Michael O'Halloran\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/02/15 00:07:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael O'Halloran\Desktop\OTL.exe
[2010/02/14 23:08:39 | 000,226,304 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\spiritual reading.doc
[2010/02/14 16:24:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/14 16:23:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 16:22:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 16:22:38 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/14 13:02:35 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Michael O'Halloran\NTUSER.DAT
[2010/02/14 13:02:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michael O'Halloran\ntuser.ini
[2010/02/13 21:51:16 | 000,322,560 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Catholic Reading.doc
[2010/02/13 21:00:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/13 19:19:06 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Michael O'Halloran\Desktop\schrauber.exe
[2010/02/13 14:34:42 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\philosophy.doc
[2010/02/13 00:31:09 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\resume2.doc
[2010/02/12 15:56:25 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\books.doc
[2010/02/11 22:09:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/11 22:06:11 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Bookmarks.doc
[2010/02/11 21:34:59 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\V2.doc
[2010/02/11 20:21:10 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/11 19:50:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/11 19:09:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/11 19:06:01 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\AT.doc
[2010/02/11 18:58:56 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\fix.doc
[2010/02/11 18:37:07 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Romans1.doc
[2010/02/11 18:30:10 | 000,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/11 18:30:10 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/11 18:30:10 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/11 11:18:09 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\jobs.doc
[2010/02/11 11:06:23 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/11 10:34:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/11 00:23:39 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Treatise on the Divine Nature.doc
[2010/02/09 00:40:51 | 000,058,968 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/09 00:40:14 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\zappos.doc
[2010/02/05 15:52:35 | 000,549,376 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Quotes.doc
[2010/02/02 10:39:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#deskjet3600#TH467182476B.job
[2010/02/01 15:21:07 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\CV.doc
[2010/02/01 15:21:05 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\CV2.doc
[2010/01/30 18:46:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/30 12:10:49 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\q's.doc
[2010/01/19 18:03:37 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/19 17:53:44 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\zibigihu
[2010/01/18 20:52:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/18 01:09:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/18 01:09:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/18 01:09:22 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/18 01:09:21 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/17 23:40:01 | 000,064,512 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Thomistic axioms.doc
[2010/01/17 13:10:58 | 000,002,342 | ---- | M] () -- C:\rollback.ini
[2010/01/16 00:12:47 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Romans2.doc
[2010/01/15 00:56:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\cover letter.doc
[2010/01/08 02:28:25 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Natural Theology.doc
[2010/01/05 05:00:21 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/01/04 01:54:08 | 000,209,920 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\St.TA.doc
[2010/01/02 19:07:02 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Catechism.doc
[2010/01/01 14:31:41 | 000,174,080 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Treatise on Virtue (I-II, qq. 49-67.doc
[2010/01/01 14:26:17 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Treatise on Law.doc
[2010/01/01 01:35:13 | 001,597,952 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\night.doc
[2009/12/31 11:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/31 10:33:06 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009/12/27 21:06:57 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Summa contra Gentiles.doc
[2009/12/25 20:10:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Summa Theologiae.doc
[2009/12/22 23:21:05 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Polyphony.doc
[2009/12/21 14:14:05 | 001,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/21 14:14:05 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/21 14:14:04 | 005,942,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/21 14:14:04 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/12/21 14:14:03 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/21 14:14:03 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/12/21 14:14:03 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/12/21 14:14:03 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/12/21 14:14:03 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/21 14:14:03 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/21 14:14:03 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/21 14:14:03 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/12/21 14:14:03 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/21 14:14:03 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/21 14:14:03 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/21 14:14:02 | 011,070,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/21 14:14:01 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/12/21 14:14:01 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/12/21 08:19:18 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/21 08:19:18 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/12/16 13:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/16 13:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/14 02:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 02:08:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/14 00:41:47 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\715.doc
[2009/12/13 15:49:35 | 000,454,144 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Master's2.doc
[2009/12/12 10:52:21 | 000,218,112 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\notes.doc
[2009/12/10 15:07:51 | 000,057,344 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\715final.doc
[2009/12/09 22:54:07 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/12/08 14:27:51 | 002,189,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/08 14:26:15 | 002,145,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/08 13:43:51 | 002,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/08 13:43:50 | 002,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/12/08 13:43:50 | 002,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/08 04:23:28 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/04 21:34:12 | 000,248,320 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\MastersThesis.doc
[2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/01 22:17:30 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\842.doc
[2009/12/01 21:19:39 | 000,238,367 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\MastersThesisPDF.PDF
[2009/12/01 19:49:34 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\CUA.doc
[2009/12/01 00:22:07 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\776.doc
[2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/27 12:11:44 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2009/11/27 11:07:35 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidc32.dll
[2009/11/27 11:07:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2009/11/27 11:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/11/27 11:07:34 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/11/27 11:07:34 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2009/11/27 11:07:34 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2009/11/21 10:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[6 C:\Documents and Settings\Michael O'Halloran\My Documents\*.tmp files -> C:\Documents and Settings\Michael O'Halloran\My Documents\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\zibigihu
[2010/02/13 20:54:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 20:54:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 20:54:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/13 19:19:06 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Michael O'Halloran\Desktop\schrauber.exe
[2010/02/12 15:56:24 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\books.doc
[2010/02/11 20:21:10 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2010/02/11 19:50:05 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/09 00:40:13 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\zappos.doc
[2010/02/06 20:03:36 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\AT.doc
[2010/01/19 18:03:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/19 18:03:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/17 20:04:40 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/01/17 20:04:40 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/01/17 20:04:40 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/01/17 20:04:40 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/01/17 13:59:59 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 13:59:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 13:10:58 | 000,002,342 | ---- | C] () -- C:\rollback.ini
[2010/01/17 01:21:12 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\fix.doc
[2010/01/17 00:33:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/08 02:28:15 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Romans2.doc
[2010/01/06 18:40:07 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\cover letter.doc
[2009/12/31 18:24:53 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\CV2.doc
[2009/12/25 20:10:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Summa Theologiae.doc
[2009/12/22 23:12:02 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Polyphony.doc
[2009/12/19 17:44:37 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Natural Theology.doc
[2009/12/07 22:01:34 | 000,057,344 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\715final.doc
[2009/12/01 21:19:37 | 000,238,367 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\MastersThesisPDF.PDF
[2009/11/24 19:47:13 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\My Documents\Bookmarks.doc
[2007/10/08 14:19:22 | 000,000,011 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2007/10/03 22:20:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/13 15:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FoneSync.INI
[2006/10/01 22:54:53 | 000,003,008 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/10/01 22:54:53 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/10/01 21:02:15 | 000,007,520 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2005/11/22 12:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/10/19 12:15:35 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/18 19:25:20 | 000,000,478 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/10/18 14:46:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael O'Halloran\Application Data\wklnhst.dat
[2005/10/18 14:42:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/29 07:54:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/04/29 07:54:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/04/29 07:54:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/04/29 07:54:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/04/29 07:54:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/04/29 07:54:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/04/29 07:42:10 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 03:33:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:08 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
< End of report >


And here is Extras.txt:

OTL Extras logfile created on: 2/15/2010 12:08:18 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Michael O'Halloran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 459.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.97 Gb Free Space | 71.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MICHAELO
Current User Name: Michael O'Halloran
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91A5B6C0-EF4E-4830-AC7D-6761C0A9B292}" = hp deskjet 3600
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{D1E8DC27-C3CD-4DD8-B37B-D26D7D7CFCBD}" = HP User Guides 0002
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2010 8:41:57 PM | Computer Name = MICHAELO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 1/29/2010 7:22:54 PM | Computer Name = MICHAELO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
by: Scheduled scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged. Threat Found!Threat: Packed.Generic.277 in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTmywqxvmvrd.dll.vir
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully. Threat Found!Threat: Packed.Generic.277 in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTqalkrwbxte.dll.vir
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully. Threat Found!Threat: Trojan.FakeAV!gen17 in File:
C:\Qoobox\Quarantine\C\WINDOWS\system32\IS15.exe.vir by: Scheduled scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.



Error - 1/29/2010 7:25:25 PM | Computer Name = MICHAELO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Hacktool.Rootkit in File: C:\WINDOWS\system32\diskmgr.sys
by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file
was quarantined successfully.

Error - 1/30/2010 8:42:02 PM | Computer Name = MICHAELO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Hacktool.Rootkit in File: C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0000137.sys
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 2/1/2010 8:04:49 PM | Computer Name = MICHAELO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 2/2/2010 4:17:58 PM | Computer Name = MICHAELO | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Hacktool.Rootkit in File: C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP3\A0000239.sys
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 2/8/2010 11:24:29 PM | Computer Name = MICHAELO | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 11:24:30 PM | Computer Name = MICHAELO | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/8/2010 11:24:41 PM | Computer Name = MICHAELO | Source = Application Hang | ID = 1001
Description = Fault bucket 1553673221.

Error - 2/8/2010 11:24:48 PM | Computer Name = MICHAELO | Source = Application Hang | ID = 1001
Description = Fault bucket 1553673221.

[ System Events ]
Error - 2/12/2010 1:57:38 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/12/2010 7:14:34 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/13/2010 11:40:56 AM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/13/2010 2:15:53 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/13/2010 2:17:15 PM | Computer Name = MICHAELO | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/13/2010 2:17:15 PM | Computer Name = MICHAELO | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/13/2010 7:16:26 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/14/2010 9:17:23 AM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/14/2010 12:58:28 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.

Error - 2/14/2010 5:23:19 PM | Computer Name = MICHAELO | Source = BCM43XX | ID = 5003
Description = Broadcom 802.11b/g WLAN : Could not find an adapter.


< End of report >