
Infected with password stealer w32/Pws.BXEF


  • This topic is locked
36 replies to this topic

#16 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:34 PM

Posted 16 August 2011 - 05:33 PM

Hello,

Let's get rid of that file.

1.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Killall::

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uninstall.exe
C:\vseqrntn.bin

Driver::
06667804


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


2.
Let's try and run TDSSKiller again in normal mode and safe mode if needed.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.5.6.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


3.
Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.

Things to include in your next reply:
ComboFix.txt
TDSSKiller log
MBRCheck log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif




#17 bocawork

bocawork
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 18 August 2011 - 09:45 AM

Hi,

I ran ComboFix and it asked if I wanted to update and I said ok. Log file is attached.

I ran TDSS in normal mode and it asked if I wanted to update and I said ok. After it started to run I got the blue screen of death.

I ran TDSS in safe mode and after it started it reset the computer.
Noticed it did produce two log files (see below).

I ran MBR and the log file is below.

Your system is saying I have used 509.96K of 512k limit. Can you reset that?

Note: The Error message still appears...



2011/08/18 09:49:12.0000 0712 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 09:49:12.0375 0712 ================================================================================
2011/08/18 09:49:12.0375 0712 SystemInfo:
2011/08/18 09:49:12.0375 0712
2011/08/18 09:49:12.0375 0712 OS Version: 5.0.2195 ServicePack: 4.0
2011/08/18 09:49:12.0375 0712 Product type: Workstation
2011/08/18 09:49:12.0375 0712 ComputerName: MIKE4
2011/08/18 09:49:12.0375 0712 UserName: mike b
2011/08/18 09:49:12.0375 0712 Windows directory: C:\WINNT
2011/08/18 09:49:12.0375 0712 System windows directory: C:\WINNT
2011/08/18 09:49:12.0375 0712 Processor architecture: Intel x86
2011/08/18 09:49:12.0375 0712 Number of processors: 1
2011/08/18 09:49:12.0375 0712 Page size: 0x1000
2011/08/18 09:49:12.0375 0712 Boot type: Normal boot
2011/08/18 09:49:12.0375 0712 ================================================================================



2011/08/18 10:04:07.0968 0436 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/18 10:04:08.0125 0436 ================================================================================
2011/08/18 10:04:08.0125 0436 SystemInfo:
2011/08/18 10:04:08.0125 0436
2011/08/18 10:04:08.0125 0436 OS Version: 5.0.2195 ServicePack: 4.0
2011/08/18 10:04:08.0125 0436 Product type: Workstation
2011/08/18 10:04:08.0125 0436 ComputerName: MIKE4
2011/08/18 10:04:08.0125 0436 UserName: mike b
2011/08/18 10:04:08.0125 0436 Windows directory: C:\WINNT
2011/08/18 10:04:08.0125 0436 System windows directory: C:\WINNT
2011/08/18 10:04:08.0125 0436 Processor architecture: Intel x86
2011/08/18 10:04:08.0125 0436 Number of processors: 1
2011/08/18 10:04:08.0125 0436 Page size: 0x1000
2011/08/18 10:04:08.0125 0436 Boot type: Safe boot
2011/08/18 10:04:08.0125 0436 ================================================================================



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 2000 Professional
Windows Information: Service Pack 4 (build 2195)
Logical Drives Mask: 0x0000001d

Processes (total 14):
0 System Idle Process
8 System
120 \SystemRoot\System32\smss.exe
156 CSRSS.EXE
176 \??\C:\WINNT\system32\winlogon.exe
204 C:\WINNT\system32\services.exe
216 C:\WINNT\system32\savedump.exe
224 C:\WINNT\system32\lsass.exe
380 C:\WINNT\system32\svchost.exe
408 C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
424 C:\WINNT\System32\WBEM\WinMgmt.exe
440 C:\WINNT\system32\userinit.exe
272 C:\WINNT\Explorer.EXE
340 C:\Documents and Settings\mike b\Desktop\MBRCheck.exe

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)

PhysicalDrive0 Model Number: ST320011A, Rev: 3.75

Size Device Name MBR Status
--------------------------------------------
18 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 2685C288E0FB09EB4A7F47702DA8030EBF8EFEEA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


#18 fireman4it


Posted 18 August 2011 - 09:24 PM

Hello,

Are you able to burn CDs? And have access to a USB Flash Drive? Do you have your Windows 2000 Installation disc?

#19 bocawork


Posted 19 August 2011 - 08:22 AM

I should be able to burn a CD. I have a USB flash drive. I have a Windows 2000 installation disk (not sure if it is the one that came with this computer).

#20 fireman4it


Posted 19 August 2011 - 05:23 PM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

#21 fireman4it


Posted 21 August 2011 - 07:04 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it

#22 bocawork


Posted 22 August 2011 - 08:50 AM

Hi,

Sorry about the delay - I can only work on this during the week. It is a work computer. Here is the report.

Mon Aug 22 09:34:06 UTC 2011
Driver report for /mnt/sda2/WINNT/SYSTEM32/DRIVERS
e1cf967c41a6ea062c8bdf5ab25f0b00 18371404.sys has NO Company Name!
ca50c03159c4c28964cfd2432488b9fc 79877520.sys has NO Company Name!
e1cf967c41a6ea062c8bdf5ab25f0b00 96350972.sys has NO Company Name!
bdbe9b616de2868b782c73dc0630cdbe mac_ibm.sys has NO Company Name!
b9f5d26ef93178e956e524170d8a66cf mac_mot.sys has NO Company Name!

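
Added example (not part of the thread, and not the helper's or driver.sh's own code): one way to triage a report in the layout posted above, flagging drivers with no company name, all-digit file names, an unparsed version resource, or one MD5 appearing under several names. The sample report, its hashes, file names and vendors are constructed, and the flag names are assumptions chosen here.

```python
import re
from collections import defaultdict

# "<32 hex digits> <file name>" starts one driver block in the report.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+)$", re.IGNORECASE)
# Drivers named with nothing but digits, e.g. 12345678.sys.
NUMERIC_NAME = re.compile(r"^\d{6,}\.sys$", re.IGNORECASE)


def _h(n):
    """Constructed 32-hex-digit stand-in for an MD5 (not a real hash)."""
    return f"{n:032x}"


# Constructed sample in the layout of the report above.
SAMPLE_REPORT = "\n".join([
    "Mon Jan 01 00:00:00 UTC 2011",
    "Driver report for /mnt/sda2/WINNT/SYSTEM32/DRIVERS",
    f"{_h(1)} 11111111.sys has NO Company Name!",
    f"{_h(1)} 22222222.sys has NO Company Name!",
    f"{_h(2)} legacy.sys has NO Company Name!",
    "",
    f"{_h(1)} 11111111.sys", "",
    f"{_h(1)} 22222222.sys", "",
    f"{_h(3)} 33333333.sys", "Example Vendor", "",
    f"{_h(4)} acpi.sys", "Example OS Vendor", "",
    f"{_h(5)} nic_a.sys", "Example Vendor", "",
    f"{_h(5)} nic_b.sys", "Example Vendor", "",
    f"{_h(6)} probe.sys",
    "VS_VERSION_INFO?StringFileInfoCompanyNameExampleVendorFileDescriptionProbe",
    "",
    f"{_h(2)} legacy.sys",
])


def parse_report(text):
    """Return [(md5, file_name, company_or_None)] from the per-driver blocks.

    The "has NO Company Name!" summary lines at the top do not match ENTRY and
    are skipped; the same drivers appear again as blocks further down.
    """
    drivers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if match:
            current = [match.group(1).lower(), match.group(2), None]
            drivers.append(current)
        elif not line:
            current = None                 # a blank line ends the block
        elif current is not None and current[2] is None:
            current[2] = line              # first line after the entry
    return [tuple(d) for d in drivers]


def triage(text):
    """Return [(file_name, md5, reasons)] for drivers worth a closer look.

    A flag is a lead for manual review, not a verdict: the company string is
    self-declared by the file and is not a signature check.
    """
    drivers = parse_report(text)
    names_by_hash = defaultdict(set)
    for md5, name, _ in drivers:
        names_by_hash[md5].add(name.lower())

    findings = []
    for md5, name, company in drivers:
        reasons = []
        if company is None:
            reasons.append("no-company-name")
        elif "StringFileInfo" in company:
            # The version resource was dumped raw instead of a clean name.
            reasons.append("unparsed-version-resource")
        if NUMERIC_NAME.match(name):
            reasons.append("numeric-file-name")
        if len(names_by_hash[md5]) > 1:
            reasons.append("hash-shared-by-several-names")
        if reasons:
            findings.append((name, md5, reasons))
    # Most flags first, then alphabetical.
    findings.sort(key=lambda f: (-len(f[2]), f[0].lower()))
    return findings


if __name__ == "__main__":
    for name, md5, reasons in triage(SAMPLE_REPORT):
        print(f"{name:<14} {md5}  {', '.join(reasons)}")
```

Drivers that collect several flags at once sort to the top; a single flag on its own, such as two vendor-labelled files sharing a hash, is common on clean systems too.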

#23 fireman4it


Posted 22 August 2011 - 03:51 PM

Hello,


How is your machine running now?

1.
Click here to download Kaspersky Virus Removal Tool.
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose skip if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight all of the items found by using Ctrl + A on your keyboard to select all, or use your mouse to select all, then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#24 bocawork


Posted 23 August 2011 - 08:17 AM

Hi Fireman,

Got the following message as it was trying to install 2621475.exe Unable to Locate DLL. I tried to attach a copy of the error message but it says the file is too big to upload. It is only 29k???

#25 fireman4it


Posted 23 August 2011 - 05:28 PM

Hello,

Earlier on ComboFix installed the Recovery Console. We're going to use that now.

Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the Windows 2000 bootup)


Take note of the number that references your operating system. Your operating system should be 1: C:\WINNT

If it's '1' , type 1 and press Enter

Next type FIXMBR


If it asks if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.




This is similar to Windows XP, so here is a guide on how to use it.



Reboot your machine and when the Boot Menu flashes up - select "Microsoft Windows Recovery Console"
(you need to be very fast with the arrow key as you only have a couple of seconds before it defaults to the Windows XP bootup)

Posted Image

Posted Image


When you get to the above screen, take note of the number that references your operating system.

If it's '1' like the picture above, type 1 and press Enter
Posted Image

Next type FIXMBR

Posted Image

If it asks if you're sure you want to write a new MBR, answer 'Y'

Then type EXIT to reboot the machine.

With that done, please post back and let me know how things are now.

" Extinguishing Malware from the world"

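One way to check the result of the FIXMBR step in the post above, as an added example that is not part of the original thread: it compares two 512-byte MBR sector images saved before and after the rewrite and reports whether the boot code changed while the partition table stayed intact. The function names and the sample sectors are constructed for illustration, and the example assumes the sector images were already captured with a disk-imaging tool.

```python
"""Compare two 512-byte MBR sector images taken before and after a boot-code rewrite."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bootstrap code occupies bytes 0..439 in the classic layout
DISK_SIG_OFF = 440       # 4-byte disk signature used by Windows NT-family systems
PART_TABLE_OFF = 446     # four 16-byte partition entries, bytes 446..509
BOOT_SIG = b"\x55\xaa"   # marker in the last two bytes of the sector
ENTRY_FMT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), start LBA, sector count


def parse_mbr(sector):
    """Split one MBR sector into a boot-code digest, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": slot, "active": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": partitions,
        "signature_valid": sector[510:512] == BOOT_SIG,
    }


def review_rewrite(before, after, expected_boot_sha256=None):
    """Return a list of problems found after the rewrite; an empty list means none."""
    old, new = parse_mbr(before), parse_mbr(after)
    problems = []
    if not new["signature_valid"]:
        problems.append("boot signature 0x55AA is missing")
    # Compare the raw table bytes so that CHS fields are covered as well.
    if before[PART_TABLE_OFF:510] != after[PART_TABLE_OFF:510]:
        problems.append("partition table differs from the saved copy")
    if old["boot_code_sha256"] == new["boot_code_sha256"]:
        problems.append("boot code is unchanged")
    if expected_boot_sha256 and new["boot_code_sha256"] != expected_boot_sha256:
        problems.append("boot code does not match the reference digest")
    return problems


def build_sample_mbr(boot_byte, entries):
    """Build a constructed MBR image: filler boot code plus the given partitions."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_END] = bytes([boot_byte]) * BOOT_CODE_END
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x12345678)
    for slot, (active, ptype, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * slot,
                         0x80 if active else 0x00, ptype, lba_start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample data: one active NTFS (type 0x07) partition starting at LBA 63.
# The boot code is filler, not real loader code.
SAMPLE_PARTITIONS = [(True, 0x07, 63, 39029382)]
SAMPLE_BEFORE = build_sample_mbr(0xAA, SAMPLE_PARTITIONS)
SAMPLE_AFTER = build_sample_mbr(0x33, SAMPLE_PARTITIONS)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_AFTER)
    print("boot code sha256:", info["boot_code_sha256"])
    print("partitions:", info["partitions"])
    print("problems:", review_rewrite(SAMPLE_BEFORE, SAMPLE_AFTER) or "none")
```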


#26 bocawork


Posted 24 August 2011 - 08:51 AM

Hi,

My initial screen shows the DELL Logo and then starts loading Windows. It shows the option to press F2 or F12. It does not show any option for selecting the operating system or Recovery Console. I went into the BIOS and saw that it was set for Fast Boot. I disabled that option but the same screen appeared (but it did take longer to load Windows).

I tried F2, F8 and F12 but none of them offered me the option of booting up into the Recovery Console.

Sorry, this machine is causing such problems with your suggestions....

BTW - the Update.exe file error message still is there on restart.

#27 fireman4it


Posted 24 August 2011 - 04:50 PM

Hello,


We need to check your hard disk for errors.

To check the volume for errors:
  • Click start and then My Computer.
  • Right click the drive C and select Properties.
  • Under Tools tab press Check Now...
  • Put a check mark in both items and press start.
  • If you get a message click Yes to schedule the disk check and click OK and then restart your computer to start the disk check. Please be patient and let the system run. In some cases it might take a couple of hours and you don't have to sit there the whole time.
*NOTE: This scan could take a long time to complete, but let it finish.


2.
    1. Please download OTL from one of the following mirrors:
         • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
         • OTL.txt <-- Will be opened
         • Extra.txt <-- Will be minimized

Edited by fireman4it, 24 August 2011 - 04:50 PM.

" Extinguishing Malware from the world"



#28 bocawork


Posted 26 August 2011 - 06:37 PM

Hi Fireman,

Thanks for your patience.

Since the scan could take a long time I ran it before I left work today. Will send the results Monday. Have a good weekend.

#29 fireman4it


Posted 28 August 2011 - 03:19 PM

ok thanks

" Extinguishing Malware from the world"



#30 bocawork


Posted 29 August 2011 - 08:31 AM

OTL logfile created on: 8/29/2011 9:19:34 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\mike b\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.99 Mb Total Physical Memory | 186.56 Mb Available Physical Memory | 36.58% Memory free
1.44 Gb Paging File | 1.14 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 1.52 Gb Free Space | 8.19% Space Free | Partition Type: NTFS
Drive H: | 465.44 Gb Total Space | 68.33 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive L: | 148.97 Gb Total Space | 59.41 Gb Free Space | 39.88% Space Free | Partition Type: NTFS
Drive M: | 74.42 Gb Total Space | 46.80 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive R: | 74.46 Gb Total Space | 42.94 Gb Free Space | 57.67% Space Free | Partition Type: NTFS
Drive T: | 465.44 Gb Total Space | 68.33 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive V: | 148.96 Gb Total Space | 131.52 Gb Free Space | 88.29% Space Free | Partition Type: NTFS

Computer Name: MIKE4 | User Name: mike b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 09:23:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike b\Desktop\OTL.exe
PRC - [2011/08/11 17:39:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/11 17:39:34 | 004,600,704 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2005/11/22 17:08:48 | 000,712,416 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\sdhelp.exe
PRC - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\mstask.exe
PRC - [2003/06/19 15:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe
PRC - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\regsvc.exe
PRC - [2003/02/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2002/05/17 15:37:54 | 000,061,440 | ---- | M] () -- C:\WINNT\CSSPrepAgentNT.Exe
PRC - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Program Files\intel\ASF Agent\ASFAgent.exe
PRC - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) -- C:\WINNT\SYSTEM32\NMSSvc.Exe
PRC - [2001/05/08 07:00:00 | 000,020,752 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\INTERNAT.EXE
PRC - [2001/02/19 10:58:24 | 004,677,632 | ---- | M] (Iomega) -- C:\Program Files\Iomega QuikSync 3\quiksync3.exe
PRC - [2001/01/05 22:00:00 | 000,010,784 | ---- | M] () -- C:\Program Files\RAMpage\RAMpage.exe
PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINNT\StartupMonitor.exe
PRC - [2000/02/24 13:23:44 | 008,810,548 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\WINWORD.EXE
PRC - [1999/02/28 03:32:52 | 000,124,200 | ---- | M] (Microsoft Corporation) -- C:\WINNT\SYSTEM32\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/29 09:16:56 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/11 17:48:42 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/11 17:48:42 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/11 17:48:42 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2008/03/27 03:02:34 | 000,355,112 | ---- | M] () -- C:\WINNT\SYSTEM32\msjetoledb40.dll
MOD - [2002/05/17 15:37:54 | 000,061,440 | ---- | M] () -- C:\WINNT\CSSPrepAgentNT.Exe
MOD - [2002/04/04 13:56:46 | 000,122,880 | ---- | M] () -- C:\Program Files\Dell\OpenManage\Client\IndiProv.dll
MOD - [2001/01/05 22:00:00 | 000,010,784 | ---- | M] () -- C:\Program Files\RAMpage\RAMpage.exe
MOD - [2000/05/26 12:45:38 | 000,241,664 | ---- | M] () -- C:\Program Files\Network Print Monitor\Driver.DLL
MOD - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\WINNT\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011/08/11 17:39:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2009/07/09 14:03:37 | 000,180,488 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\WINNT\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2005/11/22 17:08:48 | 000,712,416 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\mstask.exe -- (Schedule)
SRV - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\WBEM\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 15:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 15:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 15:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\SYSTEM32\utilman.exe -- (UtilMan)
SRV - [2002/05/17 15:37:54 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\WINNT\CSSPrepAgentNT.Exe -- (CSS PrepAgent)
SRV - [2002/05/08 10:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002/04/04 13:56:10 | 000,163,840 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2002/02/27 10:57:34 | 001,118,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2001/05/08 07:00:00 | 000,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\SYSTEM32\iprip.dll -- (Iprip)
SRV - [2001/02/19 10:52:02 | 000,352,256 | ---- | M] ( Iomega Corporation) [Auto | Stopped] -- C:\WINNT\System32\iomegaaccess.exe -- (IomegaAccess)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 10:10:59 | 000,094,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\18371404.sys -- (13110489)
DRV - [2011/08/18 10:04:08 | 000,094,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\96350972.sys -- (32010704)
DRV - [2011/08/18 09:49:12 | 000,094,512 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\97853767.sys -- (39470527)
DRV - [2011/08/11 17:39:22 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/08/08 17:18:53 | 000,094,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\79877520.sys -- (13245690)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/12 12:59:14 | 000,085,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\mqac.sys -- (MQAC)
DRV - [2006/05/30 15:45:21 | 000,013,703 | ---- | M] (anchor chips) [Kernel | Auto | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\xeusb.sys -- (XELTEK) Xeltek USB Driver (Xeltekusb.sys)
DRV - [2005/05/05 09:52:28 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2005/05/05 09:52:28 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\mpe.sys -- (MPE)
DRV - [2003/06/19 15:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2003/06/19 15:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 15:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\parallel.sys -- (Parallel)
DRV - [2003/06/19 15:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 15:05:04 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\nmnt.sys -- (nm)
DRV - [2003/06/19 15:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\uhcd.sys -- (uhcd)
DRV - [2003/06/19 15:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 15:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 15:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2002/10/14 12:02:16 | 000,011,648 | ---- | M] (Y.A.S.C.) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\sniffxp.sys -- (SNIFFXP)
DRV - [2002/07/15 16:15:38 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000) Intel®
DRV - [2002/05/07 17:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002/05/07 17:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002/04/04 13:55:22 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/02/27 10:57:52 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/01/08 12:52:38 | 000,049,348 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\mac_ibm.sys -- (MAC_IBM)
DRV - [2002/01/08 12:52:38 | 000,009,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\mac_mot.sys -- (MAC_MOT)
DRV - [2002/01/08 12:52:34 | 000,073,216 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/08 09:25:56 | 000,017,258 | ---- | M] (American Megatrends, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\mraid2k.sys -- (mraid2k)
DRV - [2001/05/08 07:00:00 | 000,102,160 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\SYSTEM32\DRIVERS\NBF.SYS -- (Nbf)
DRV - [2001/05/08 07:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\RCA.SYS -- (RCA)
DRV - [2001/05/08 07:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2001/04/26 16:00:30 | 000,064,418 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\fasttrak.sys -- (fasttrak)
DRV - [2000/05/19 15:24:56 | 000,011,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\SYSTEM32\DRIVERS\ipfilter.sys -- (IPFilter)
DRV - [1999/10/27 16:23:38 | 000,345,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [1999/10/23 13:22:20 | 000,061,712 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90BC)
DRV - [1999/10/22 15:54:42 | 000,032,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\SYSTEM32\DRIVERS\ICHAUD.SYS -- (ichaud) Service for AC'97 Driver (WDM)
DRV - [1999/09/25 12:11:42 | 000,011,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\fd16_700.sys -- (Fd16_700)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.1.2:80

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "10.0.1.2"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "10.0.1.2"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "10.0.1.2"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.1.2"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "10.0.1.2"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 10:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/14 16:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2007/04/17 12:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/14 16:30:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2007/04/17 12:26:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/14 16:30:03 | 000,000,000 | ---D | M]

[2009/05/19 11:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike b\Application Data\Mozilla\Extensions
[2011/05/04 13:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike b\Application Data\Mozilla\Firefox\Profiles\kmb5570x.default\extensions
[2011/03/03 10:45:33 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\mike b\Application Data\Mozilla\Firefox\Profiles\kmb5570x.default\extensions\tineye@ideeinc.com
[2011/06/13 09:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 18:11:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/13 10:26:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/13 09:21:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2010/11/01 18:10:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/18 10:38:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/18 10:38:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/18 09:33:59 | 000,000,027 | ---- | M]) - C:\WINNT\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [CSSLogon] C:\WINNT\CSSLogonNT.Exe ()
O4 - HKLM..\Run: [RAMpage] C:\Program Files\RAMpage\RAMpage.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINNT\StartupMonitor.exe ()
O4 - HKCU..\Run: [Internat.exe] C:\WINNT\System32\INTERNAT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/25 14:59:57 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Iomega QuikSync 3.lnk = C:\Program Files\Iomega QuikSync 3\quiksync3.exe (Iomega)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uninstall.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\mike b\Start Menu\Programs\Startup\AutorunsDisabled [2011/07/25 15:00:09 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\SYSTEM32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINNT\SYSTEM32\msafd.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: cbs.com ([www] http in Trusted sites)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst0309.cab (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} http://www.lorexglobal.com/see/push03.cab (P00RecImageCtrl Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265838381984 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7B133798-FAA8-4A7E-950D-BEB35D3363AF} http://www.blkr.linksys-cam.com/img/LinksysViewer.cab (LinksysViewer Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37875.2465740741 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-141-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23 66.255.85.8 66.255.85.9 204.70.127.127 204.70.127.128
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\SYSTEM32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\SYSTEM32\USERINIT.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINNT\Santa Fe Stucco.bmp
O24 - Desktop BackupWallPaper: C:\WINNT\Santa Fe Stucco.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk L:\
O32 - Unable to obtain root file information for disk M:\
O32 - AutoRun File - [2008/09/24 14:19:16 | 000,000,047 | ---- | M] () - R:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk V:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - C:\WINNT\System32\IAS.MSC ()
NetSvcs: Iprip - C:\WINNT\SYSTEM32\iprip.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 09:23:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mike b\Desktop\OTL.exe
[2011/08/18 10:19:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/18 09:49:12 | 000,094,512 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINNT\System32\drivers\97853767.sys
[2011/08/18 09:17:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/11 16:33:10 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mike b\Desktop\tdsskiller.exe
[2011/08/10 09:09:25 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\mike b\Desktop\aswMBR.exe
[2011/08/09 09:15:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2011/08/09 09:15:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2011/08/09 09:15:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2011/08/09 09:15:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2011/08/09 09:14:21 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2011/08/09 09:14:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/09 09:11:38 | 004,178,001 | R--- | C] (Swearware) -- C:\Documents and Settings\mike b\Desktop\ComboFix.exe
[2011/08/04 16:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike b\Start Menu\Programs\Administrative Tools
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/29 09:17:03 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\mike b\Desktop\~$cument.rtf
[2011/08/29 09:15:49 | 000,000,112 | ---- | M] () -- C:\WINNT\CSSPrepAgent.out
[2011/08/29 09:15:49 | 000,000,009 | ---- | M] () -- C:\WINNT\CSSLogonNT.out
[2011/08/26 18:00:20 | 000,421,888 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uninstall.exe
[2011/08/26 17:57:40 | 006,143,514 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\timer.rtf
[2011/08/26 15:40:23 | 000,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2011/08/26 09:19:14 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\Document.rtf
[2011/08/25 09:23:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike b\Desktop\OTL.exe
[2011/08/24 09:49:09 | 000,001,522 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/08/24 09:37:20 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2011/08/24 09:29:52 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
[2011/08/24 09:29:49 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_384.dat
[2011/08/24 09:29:29 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_294.dat
[2011/08/24 09:23:29 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_390.dat
[2011/08/24 09:23:09 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_29c.dat
[2011/08/24 09:21:13 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3a8.dat
[2011/08/24 09:18:58 | 001,372,372 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/08/22 17:50:31 | 000,000,428 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\Shortcut to Downloads.lnk
[2011/08/22 11:19:24 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\Shortcut to work.lnk
[2011/08/22 09:50:39 | 000,001,540 | ---- | M] () -- C:\Documents and Settings\mike b\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/08/22 09:29:20 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_7c.dat
[2011/08/18 10:28:19 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_38c.dat
[2011/08/18 10:10:59 | 000,094,512 | ---- | M] () -- C:\WINNT\System32\drivers\18371404.sys
[2011/08/18 10:04:08 | 000,094,512 | ---- | M] () -- C:\WINNT\System32\drivers\96350972.sys
[2011/08/18 09:51:19 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3a0.dat
[2011/08/18 09:49:12 | 000,094,512 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINNT\System32\drivers\97853767.sys
[2011/08/18 09:33:59 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\ETC\hosts
[2011/08/18 09:16:55 | 004,178,001 | R--- | M] (Swearware) -- C:\Documents and Settings\mike b\Desktop\ComboFix.exe
[2011/08/17 10:13:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\MBRCheck.exe
[2011/08/12 09:22:10 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2011/08/11 16:33:10 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mike b\Desktop\tdsskiller.exe
[2011/08/10 16:46:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\MBR.dat
[2011/08/10 09:10:32 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\SystemLook.exe
[2011/08/10 09:10:20 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\mike b\Desktop\aswMBR.exe
[2011/08/10 09:10:09 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\RKUnhookerLE.EXE
[2011/08/09 09:55:52 | 000,373,405 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\screenshot.rtf
[2011/08/08 17:18:53 | 000,094,512 | ---- | M] () -- C:\WINNT\System32\drivers\79877520.sys
[2011/08/04 16:57:07 | 000,019,066 | ---- | M] () -- C:\Documents and Settings\mike b\Desktop\mfeed.rtf
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/29 09:17:03 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\mike b\Desktop\~$cument.rtf
[2011/08/26 17:57:38 | 006,143,514 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\timer.rtf
[2011/08/26 09:19:14 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\Document.rtf
[2011/08/24 09:37:48 | 000,421,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uninstall.exe
[2011/08/24 09:37:20 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2011/08/24 09:29:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_590.dat
[2011/08/24 09:29:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_384.dat
[2011/08/24 09:29:29 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_294.dat
[2011/08/24 09:23:29 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_390.dat
[2011/08/24 09:23:09 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_29c.dat
[2011/08/24 09:21:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3a8.dat
[2011/08/22 09:29:20 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7c.dat
[2011/08/18 10:28:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_38c.dat
[2011/08/18 10:26:14 | 001,372,372 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2011/08/18 10:10:59 | 000,094,512 | ---- | C] () -- C:\WINNT\System32\drivers\18371404.sys
[2011/08/18 10:04:08 | 000,094,512 | ---- | C] () -- C:\WINNT\System32\drivers\96350972.sys
[2011/08/18 09:51:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3a0.dat
[2011/08/17 10:13:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\MBRCheck.exe
[2011/08/12 09:22:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2011/08/10 16:46:19 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\MBR.dat
[2011/08/10 09:10:33 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\SystemLook.exe
[2011/08/10 09:10:11 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\RKUnhookerLE.EXE
[2011/08/09 09:55:52 | 000,373,405 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\screenshot.rtf
[2011/08/09 09:15:55 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2011/08/09 09:15:55 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2011/08/09 09:15:55 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2011/08/09 09:15:55 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2011/08/09 09:15:55 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2011/08/08 17:18:53 | 000,094,512 | ---- | C] () -- C:\WINNT\System32\drivers\79877520.sys
[2011/08/05 11:12:45 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\Shortcut to work.lnk
[2011/08/04 17:02:24 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\gmer.exe
[2011/08/04 16:57:06 | 000,019,066 | ---- | C] () -- C:\Documents and Settings\mike b\Desktop\mfeed.rtf
[2008/10/17 11:43:37 | 000,000,250 | ---- | C] () -- C:\WINNT\gmer.ini
[2008/10/17 11:43:34 | 000,884,736 | ---- | C] () -- C:\WINNT\gmer.dll
[2008/10/17 11:43:34 | 000,811,008 | ---- | C] () -- C:\WINNT\gmer.exe
[2008/10/03 13:09:01 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2008/09/23 17:25:01 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/02/11 09:39:26 | 000,253,952 | ---- | C] () -- C:\WINNT\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\OnlineScannerLang.dll
[2008/02/05 08:48:04 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\OnlineScannerUninstaller.exe
[2008/01/09 16:01:48 | 000,053,248 | ---- | C] () -- C:\WINNT\bdoscandel.exe
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINNT\bdoscandellang.ini
[2007/10/26 15:09:28 | 000,021,312 | ---- | C] () -- C:\WINNT\choice.exe
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINNT\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINNT\System32\lnod32apiA.dll
[2006/11/29 15:12:59 | 000,000,032 | ---- | C] () -- C:\WINNT\thxcfg.ini
[2006/08/04 15:53:49 | 000,000,028 | ---- | C] () -- C:\WINNT\fmx.INI
[2006/08/04 15:46:24 | 000,000,137 | ---- | C] () -- C:\WINNT\SW_Win2000X9.DLL
[2006/05/31 09:37:46 | 000,000,143 | ---- | C] () -- C:\WINNT\SP3000.INI
[2006/03/14 12:42:19 | 000,000,012 | ---- | C] () -- C:\WINNT\iomqs3.dat
[2006/01/09 16:35:15 | 000,000,205 | ---- | C] () -- C:\WINNT\System32\winctrl16.exe.tcf
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINNT\System32\lnod32upd.dll
[2005/11/30 17:22:14 | 000,000,667 | ---- | C] () -- C:\WINNT\avp32.ini
[2005/03/02 11:15:42 | 000,149,504 | ---- | C] () -- C:\WINNT\System32\UNWISE32.EXE
[2005/02/07 10:26:03 | 000,000,032 | ---- | C] () -- C:\WINNT\iltwain.ini
[2005/02/07 10:05:49 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI
[2005/02/02 10:04:27 | 000,000,473 | ---- | C] () -- C:\WINNT\mf.ini
[2004/09/05 08:59:50 | 000,155,648 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2004/09/05 08:58:04 | 000,679,936 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2004/05/12 17:28:16 | 000,000,108 | ---- | C] () -- C:\WINNT\LABELGO.INI
[2004/05/11 12:08:37 | 000,000,335 | ---- | C] () -- C:\WINNT\nsreg.dat
[2004/05/11 12:08:22 | 000,095,440 | ---- | C] () -- C:\WINNT\NSUninst.exe
[2004/05/11 12:08:07 | 000,095,440 | ---- | C] () -- C:\WINNT\GREUninstall.exe
[2004/05/11 12:08:04 | 000,009,782 | ---- | C] () -- C:\WINNT\mozver.dat
[2004/05/11 11:12:29 | 000,000,379 | ---- | C] () -- C:\WINNT\barcode.ini
[2004/05/10 12:40:12 | 000,028,775 | ---- | C] () -- C:\WINNT\javaw.exe
[2004/05/10 12:40:12 | 000,024,677 | ---- | C] () -- C:\WINNT\java.exe
[2004/03/24 11:38:17 | 000,000,092 | ---- | C] () -- C:\WINNT\TraceSrv.ini
[2004/03/02 17:10:09 | 000,458,752 | ---- | C] () -- C:\WINNT\tls704d.dll
[2004/03/02 17:10:09 | 000,032,768 | ---- | C] () -- C:\WINNT\uninstallrq.exe
[2003/11/20 12:56:20 | 000,000,000 | ---- | C] () -- C:\WINNT\PNFCC2S.INI
[2003/11/20 12:33:58 | 000,127,026 | ---- | C] () -- C:\WINNT\System32\pdfmona.dll
[2003/11/20 12:33:58 | 000,048,936 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
[2003/11/05 11:37:23 | 000,000,678 | ---- | C] () -- C:\WINNT\HelpRead.ini
[2003/11/05 11:25:49 | 000,000,316 | ---- | C] () -- C:\WINNT\provw.ini
[2003/11/05 11:14:45 | 000,024,144 | ---- | C] () -- C:\WINNT\HSUN16.EXE
[2003/11/05 10:53:53 | 000,034,864 | ---- | C] () -- C:\WINNT\UNWISE.EXE
[2003/10/03 11:41:13 | 000,008,179 | ---- | C] () -- C:\WINNT\lviewp.ini
[2003/09/19 13:29:03 | 000,061,440 | ---- | C] () -- C:\WINNT\CSSPrepAgentNT.Exe
[2003/09/19 13:29:03 | 000,045,056 | ---- | C] () -- C:\WINNT\CSSLogonNT.Exe
[2003/09/03 16:02:26 | 000,000,078 | ---- | C] () -- C:\WINNT\waspkeys.ini
[2003/09/02 11:37:42 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\MW6PDF417.dll
[2003/08/28 17:15:08 | 000,000,185 | ---- | C] () -- C:\WINNT\mdm.ini
[2003/07/22 14:50:38 | 000,000,000 | ---- | C] () -- C:\WINNT\NSREX.INI
[2003/07/21 11:14:34 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2003/07/21 11:14:34 | 000,000,144 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2003/07/01 10:27:15 | 000,000,266 | ---- | C] () -- C:\WINNT\cxsfcc.dat
[2003/07/01 10:27:15 | 000,000,018 | ---- | C] () -- C:\WINNT\iflcii.dat
[2003/03/18 12:08:24 | 000,000,000 | ---- | C] () -- C:\WINNT\frontpg.ini
[2003/03/07 10:38:53 | 000,000,039 | ---- | C] () -- C:\WINNT\elanlm (.ini
[2003/03/05 11:33:54 | 000,073,216 | ---- | C] () -- C:\WINNT\System32\drivers\SENTINEL.SYS
[2003/03/05 11:33:54 | 000,047,616 | ---- | C] () -- C:\WINNT\System32\SNTI386.DLL
[2003/03/05 11:33:54 | 000,017,920 | ---- | C] () -- C:\WINNT\System32\RNBOVDD.DLL
[2003/03/05 11:33:40 | 000,049,348 | ---- | C] () -- C:\WINNT\System32\drivers\mac_ibm.sys
[2003/03/05 11:33:40 | 000,009,504 | ---- | C] () -- C:\WINNT\System32\drivers\mac_mot.sys
[2003/03/05 11:32:25 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\j32dv10.dll
[2003/03/05 11:18:41 | 000,000,035 | ---- | C] () -- C:\WINNT\A5W.INI
[2003/02/21 16:39:29 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI
[2003/02/05 15:07:10 | 000,026,932 | ---- | C] () -- C:\Documents and Settings\mike b\Application Data\Personal Address Book.ADR
[2003/02/04 14:43:41 | 000,000,881 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/12/05 19:51:00 | 000,059,392 | R--- | C] () -- C:\WINNT\streamhlp.dll
[2002/10/25 10:36:40 | 000,253,472 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2002/10/25 09:25:12 | 000,000,477 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2002/05/15 12:13:20 | 000,081,920 | R--- | C] () -- C:\WINNT\System32\SipCal.dll
[2002/05/07 17:06:36 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\platmsg.dll
[2002/05/07 17:06:16 | 000,019,968 | ---- | C] () -- C:\WINNT\System32\drivers\netamsg.dll
[2002/04/16 17:57:28 | 000,135,168 | ---- | C] () -- C:\WINNT\System32\aolninst.dll
[2002/03/12 11:54:00 | 000,004,254 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2002/03/12 11:53:54 | 000,309,230 | ---- | C] () -- C:\WINNT\System32\PERFH009.DAT
[2002/03/12 11:53:54 | 000,040,544 | ---- | C] () -- C:\WINNT\System32\PERFC009.DAT
[2002/03/12 11:53:40 | 000,021,952 | -H-- | C] () -- C:\Program Files\FOLDER.HTT
[2002/03/12 11:53:12 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2002/02/06 09:04:14 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\PROInst.dll
[2001/11/27 21:42:56 | 000,000,039 | ---- | C] () -- C:\WINNT\pperfect7.ini
[2001/05/08 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\MLANG.DAT
[2001/05/08 07:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\PERFI009.DAT
[2001/05/08 07:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\DSSEC.DAT
[2001/05/08 07:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\QCUT.DLL
[2001/05/08 07:00:00 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\LVCAM.SYS
[2001/05/08 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\MIB.BIN
[2001/05/08 07:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\EFSADU.DLL
[2001/05/08 07:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\PERFD009.DAT
[2001/05/08 07:00:00 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\LVSOUND.SYS
[2001/05/08 07:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\IASPERF.INI
[2001/05/08 07:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\FAXPERF.INI
[2001/05/08 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\NOISE.DAT
[2001/05/08 07:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\WELCOME.INI
[2000/05/20 18:23:48 | 000,086,016 | ---- | C] () -- C:\WINNT\StartupMonitor.exe
[1999/12/02 22:01:20 | 000,229,376 | ---- | C] () -- C:\WINNT\System32\ISP2000.dll
[1999/09/17 20:12:54 | 000,044,344 | ---- | C] () -- C:\WINNT\System32\Seqcal.sys
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINNT\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINNT\JAUTOEXP.INI
[1980/01/01 01:00:00 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\shpshftr.dll

========== LOP Check ==========

[2011/07/26 11:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2003/11/20 12:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PEERNET
[2006/02/22 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2006/04/07 09:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/17 16:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\ComAgent
[2003/09/19 14:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Command Software
[2008/08/07 16:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Eltima Software
[2005/10/18 09:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Ethereal
[2005/03/30 10:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\funkitron
[2004/02/13 15:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Leadertech
[2003/11/20 12:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\PEERNET
[2005/03/31 17:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\PokerAcademyProDemo
[2008/01/09 14:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Snapfish
[2008/10/02 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\Wireshark
[2009/07/30 13:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike b\Application Data\XNote Stopwatch

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[1987/07/23 21:00:02 | 000,080,592 | ---- | M] () -- C:\BASIC.EXE
[2004/11/18 13:21:22 | 020,449,476 | ---- | M] (CBN Systems ) -- C:\CBN_Selector.exe
[2006/09/21 11:35:58 | 001,936,157 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\ComAgentInstall.exe
[2010/02/10 16:46:20 | 001,821,192 | ---- | M] (Microsoft Corporation) -- C:\vcredist_x86.exe
[2008/01/22 16:25:58 | 001,206,366 | ---- | M] () -- C:\wrar371.exe


< MD5 for: AGP440.SYS >
[2010/02/10 17:58:17 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\I386\sp4.cab:AGP440.sys
[2010/02/10 17:58:17 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003/06/19 15:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ERDNT\cache\agp440.sys
[2003/06/19 15:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2003/06/19 15:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\SYSTEM32\DRIVERS\agp440.sys
[1999/09/28 16:37:34 | 000,020,656 | ---- | M] (Microsoft Corporation) MD5=EF0B06C91C81FB3AF3D31CF9EA5B2591 -- C:\I386\AGP440.SYS
[1999/09/28 16:37:34 | 000,020,656 | ---- | M] (Microsoft Corporation) MD5=EF0B06C91C81FB3AF3D31CF9EA5B2591 -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2001/05/08 07:00:00 | 005,205,021 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2001/05/08 07:00:00 | 005,205,021 | ---- | M] () .cab file -- C:\WINNT\$NtServicePackUninstall$\sp2.cab:atapi.sys
[2010/02/10 17:58:17 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\I386\sp4.cab:atapi.sys
[2010/02/10 17:58:17 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2001/05/04 13:05:02 | 000,085,264 | ---- | M] (Microsoft Corporation) MD5=7E91972F4CF3EA0B0C804F005BF42C7A -- C:\I386\atapi.sys
[2001/05/04 13:05:02 | 000,085,264 | ---- | M] (Microsoft Corporation) MD5=7E91972F4CF3EA0B0C804F005BF42C7A -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2003/06/19 15:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ERDNT\cache\atapi.sys
[2003/06/19 15:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2003/06/19 15:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 15:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/03/23 22:17:01 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2001/05/08 07:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=E3B0DABC518C3744DF00B12899D60805 -- C:\I386\EVENTLOG.DLL
[2001/05/08 07:00:00 | 000,044,816 | ---- | M] (Microsoft Corporation) MD5=E3B0DABC518C3744DF00B12899D60805 -- C:\WINNT\$NtUninstallKB835732$\eventlog.dll
[2005/04/08 05:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\ERDNT\cache\EVENTLOG.DLL
[2005/04/08 05:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\SYSTEM32\DLLCACHE\EVENTLOG.DLL
[2005/04/08 05:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\SYSTEM32\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2003/06/19 15:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/03/23 22:17:01 | 000,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2001/10/30 05:57:00 | 000,369,936 | ---- | M] (Microsoft Corporation) MD5=2AF99428CC30FCD7B8201E837C35EAFB -- C:\I386\NETLOGON.DLL
[2001/10/30 05:57:00 | 000,369,936 | ---- | M] (Microsoft Corporation) MD5=2AF99428CC30FCD7B8201E837C35EAFB -- C:\WINNT\$NtUninstallKB835732$\netlogon.dll
[2005/04/08 05:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\ERDNT\cache\NETLOGON.DLL
[2005/04/08 05:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\SYSTEM32\DLLCACHE\NETLOGON.DLL
[2005/04/08 05:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\SYSTEM32\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2004/03/23 22:17:01 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2005/01/12 13:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\ERDNT\cache\scecli.dll
[2005/01/12 13:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\SYSTEM32\DLLCACHE\scecli.dll
[2005/01/12 13:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\SYSTEM32\scecli.dll
[2001/10/30 05:57:00 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=8F874F7BDC756C0F8237D243BC3E98C4 -- C:\I386\scecli.dll
[2001/10/30 05:57:00 | 000,111,376 | ---- | M] (Microsoft Corporation) MD5=8F874F7BDC756C0F8237D243BC3E98C4 -- C:\WINNT\$NtUninstallKB835732$\scecli.dll
[2003/06/19 15:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >



OTL Extras logfile created on: 8/29/2011 9:19:35 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\mike b\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.99 Mb Total Physical Memory | 186.56 Mb Available Physical Memory | 36.58% Memory free
1.44 Gb Paging File | 1.14 Gb Available in Paging File | 79.23% Paging File free
Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.61 Gb Total Space | 1.52 Gb Free Space | 8.19% Space Free | Partition Type: NTFS
Drive H: | 465.44 Gb Total Space | 68.33 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive L: | 148.97 Gb Total Space | 59.41 Gb Free Space | 39.88% Space Free | Partition Type: NTFS
Drive M: | 74.42 Gb Total Space | 46.80 Gb Free Space | 62.89% Space Free | Partition Type: NTFS
Drive R: | 74.46 Gb Total Space | 42.94 Gb Free Space | 57.67% Space Free | Partition Type: NTFS
Drive T: | 465.44 Gb Total Space | 68.33 Gb Free Space | 14.68% Space Free | Partition Type: NTFS
Drive V: | 148.96 Gb Total Space | 131.52 Gb Free Space | 88.29% Space Free | Partition Type: NTFS

Computer Name: MIKE4 | User Name: mike b | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{121634B0-2F4A-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{207E202B-054D-450A-A487-2086AB86D225}" = LabelWorks Demo
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{485FE7F7-6DDC-4122-989B-ECCF2D05535E}" = CBN Selector 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel« PRO Network Adapters WMI Provider (2.0)
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel« Pro Alerting Agent, Version 3.0.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C70768B-54D2-11D7-8DC5-00008658F6F8}" = HP Install Network Printer Wizard
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.12
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{84909249-924A-11D5-A7DD-9F5B71005E4C}" = Print Perfect Platinum
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A86958D5-54A3-4D38-99CA-DC1CE2C771B7}" = MW6PDF417 ActiveX
"{ABEA93FA-8D65-11D2-98AB-00C04F79C5D1}" = Microsoft IntelliPoint
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C337E819-C65F-4317-BEAD-C2D62D53B316}" = MULTI 2000, Mips v3.5 (C:\GHS\mips35)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = ControlUtility
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF9D7F70-6FF7-11D1-B258-00805F367152}" = HHP QuickView
"AB Invoicing" = AB Invoicing
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Alt-N ComAgent" = Alt-N ComAgent
"AnalogX NetStat Live" = AnalogX NetStat Live
"Avaya Voice Player for Telephony" = Avaya Voice Player for Telephony
"Bar Code 128 Sample" = Bar Code 128 Sample
"bcstudio.exe" = TEC-IT Barcode Studio 4
"Bicycle Casino 2.0" = Bicycle Casino 2.0
"Checkers 1.3" = Checkers 1.3
"CleanUp!" = CleanUp!
"CorelDRAW 10" = CorelDRAW 10
"EsetOnlineScanner" = ESET Online Scanner
"Ethereal" = Ethereal 0.10.12
"File Merge Express" = File Merge Express
"HijackThis" = HijackThis 2.0.2
"HP Download Manager" = HP Download Manager
"HTPE3" = HyperTerminal Private Edition v6.3
"IDAutomation.com Check Digit and Printing Application" = IDAutomation.com Check Digit and Printing Application
"IDAutomation.com Code 128 Font Adv Package Sample" = IDAutomation.com Code 128 Font Adv Package Sample
"IrfanView" = IrfanView (remove only)
"Keil ÁVision3" = Keil ÁVision3
"Keil ÁVision4" = Keil ÁVision4
"Label Magic_is1" = Label Magic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microchip TCP/IP Stack v2.11 Source" = Microchip TCP/IP Stack v2.11 Source
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Netscape (7.1)" = Netscape (7.1)
"NSCCR16bt" = Simply Blue 2.0
"phyCORE-LPC3250 Rapid Development Kit v1.1" = phyCORE-LPC3250 Rapid Development Kit v1.1
"PokerAcademyProDemo" = Poker Academy Pro Demo
"PrintersBench Pro_is1" = PrintersBench Pro 1.00
"Product_Name" = Sniff'em
"PROSet" = Intel® PRO Ethernet Adapter and Software
"PSNPMONV1" = Network Print Monitor for Windows 2000
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"QuickTime" = QuickTime
"QuikSync 3" = QuikSync 3
"Rainbow Sentinel Driver" = Sentinel System Driver
"Revo Uninstaller" = Revo Uninstaller 1.85
"ScanView by HHP" = ScanView by HHP
"Shockwave" = Shockwave
"Sourcery G++ Lite for ARM EABI" = Sourcery G++ Lite for ARM EABI
"Spyware Doctor_is1" = Spyware Doctor 3.2
"ST6UNST #1" = Winsock Tester
"ST6UNST #2" = Boca Systems Graphics Tool V1.4
"ST6UNST #3" = Boca Systems Customer V6.4
"ST6UNST #4" = DoubleSix
"ST6UNST #6" = Customer (C:\Program Files\Customer\)
"SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106)
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VenueBench" = VenueBench
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.5
"Wasp Bar Code ActiveX & DLL" = Wasp Bar Code ActiveX & DLL
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows 2000 Service Pack" = Windows 2000 Service Pack 4
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Wireshark" = Wireshark 1.1.0
"XNote Stopwatch" = XNote Stopwatch
"XnView_is1" = XnView 1.61
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2011 9:28:23 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/22/2011 9:41:41 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:21:00 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:23:17 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:27:05 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:29:37 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:32:06 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:34:24 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/24/2011 9:37:09 AM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 8/26/2011 6:59:18 PM | Computer Name = MIKE4 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 8/24/2011 9:29:25 AM | Computer Name = MIKE4 | Source = Service Control Manager | ID = 7000
Description = The Dynamic Virus Protection service failed to start due to the following
error: %%2

Error - 8/24/2011 9:29:30 AM | Computer Name = MIKE4 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share D7VNPC8F because
the directory C:\Documents and Settings\mike b\Local Settings\Temp\Temporary Internet
Files\Content.IE5\D7VNPC8F no longer exists.

Error - 8/24/2011 9:31:55 AM | Computer Name = MIKE4 | Source = Service Control Manager | ID = 7000
Description = The Dynamic Virus Protection service failed to start due to the following
error: %%2

Error - 8/24/2011 9:32:00 AM | Computer Name = MIKE4 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share D7VNPC8F because
the directory C:\Documents and Settings\mike b\Local Settings\Temp\Temporary Internet
Files\Content.IE5\D7VNPC8F no longer exists.

Error - 8/24/2011 9:34:13 AM | Computer Name = MIKE4 | Source = Service Control Manager | ID = 7000
Description = The Dynamic Virus Protection service failed to start due to the following
error: %%2

Error - 8/24/2011 9:34:18 AM | Computer Name = MIKE4 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share D7VNPC8F because
the directory C:\Documents and Settings\mike b\Local Settings\Temp\Temporary Internet
Files\Content.IE5\D7VNPC8F no longer exists.

Error - 8/24/2011 9:36:57 AM | Computer Name = MIKE4 | Source = Service Control Manager | ID = 7000
Description = The Dynamic Virus Protection service failed to start due to the following
error: %%2

Error - 8/24/2011 9:37:02 AM | Computer Name = MIKE4 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share D7VNPC8F because
the directory C:\Documents and Settings\mike b\Local Settings\Temp\Temporary Internet
Files\Content.IE5\D7VNPC8F no longer exists.

Error - 8/26/2011 6:59:06 PM | Computer Name = MIKE4 | Source = Service Control Manager | ID = 7000
Description = The Dynamic Virus Protection service failed to start due to the following
error: %%2

Error - 8/26/2011 6:59:11 PM | Computer Name = MIKE4 | Source = Server | ID = 2511
Description = The server service was unable to recreate the share D7VNPC8F because
the directory C:\Documents and Settings\mike b\Local Settings\Temp\Temporary Internet
Files\Content.IE5\D7VNPC8F no longer exists.


< End of report >



