Is my laptop affected by virus?
Vamsee
Hi,
Since yesterday I'm not able to reboot my laptop (Dell M6300, Windows XP Professional) in safe mode. Also, I'm not able to connect to the internet through either the wireless or the LAN connection. I'm not sure if it's because of a virus or some hardware issue. I haven't installed new software in the last 2 months on this laptop. Please help...

MBAM log: no virus found by MBAM


Malwarebytes' Anti-Malware 1.41
Database version: 3063
Windows 5.1.2600 Service Pack 2

10/30/2009 10:14:02 PM
mbam-log-2009-10-30 (22-14-02).txt

Scan type: Quick Scan
Objects scanned: 120752
Time elapsed: 49 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Rooter log

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.2180
.
C:\ [Fixed-NTFS] .. ( Total:55 Go - Free:35 Go )
D:\ [Fixed-NTFS] .. ( Total:35 Go - Free:29 Go )
E:\ [CD_Rom]
.
Scan : 23:20.15
Path : C:\Documents and Settings\ngtabcs\Desktop\Rooter.exe
User : NGTABCS ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1212)
______ \??\C:\WINDOWS\system32\csrss.exe (1280)
______ \??\C:\WINDOWS\system32\winlogon.exe (1308)
______ C:\WINDOWS\system32\services.exe (1356)
______ C:\WINDOWS\system32\lsass.exe (1368)
______ C:\WINDOWS\system32\svchost.exe (1536)
______ C:\WINDOWS\system32\svchost.exe (1640)
______ C:\WINDOWS\System32\svchost.exe (1680)
______ C:\WINDOWS\system32\svchost.exe (1844)
______ C:\WINDOWS\system32\svchost.exe (1884)
______ C:\WINDOWS\System32\WLTRYSVC.EXE (212)
______ C:\WINDOWS\System32\bcmwltry.exe (224)
______ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (232)
______ C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (272)
______ C:\WINDOWS\system32\spoolsv.exe (368)
______ C:\WINDOWS\System32\SCardSvr.exe (448)
______ C:\WINDOWS\system32\svchost.exe (760)
______ C:\Program Files\Blackice\blackd.exe (796)
______ C:\Program Files\Symantec AntiVirus\DefWatch.exe (832)
______ C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe (924)
______ C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\NFS Maestro\expserv.exe (956)
______ C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe (1004)
______ C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\Humnmap.exe (1036)
______ C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (1100)
______ C:\WINDOWS\system32\nvsvc32.exe (1136)
______ C:\Program Files\Blackice\RapApp.exe (1176)
______ C:\Program Files\SafeBoot\SBMGRNT.EXE (1220)
______ C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe (1372)
______ C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe (1880)
______ C:\Program Files\Symantec AntiVirus\Rtvscan.exe (2016)
______ C:\Program Files\OpenAFS\Client\Program\afsd_service.exe (2044)
______ C:\WINDOWS\system32\wdfmgr.exe (492)
______ C:\Program Files\Blackice\vpatch.exe (592)
______ C:\Program Files\Orl\Vnc\WinVNC.exe (648)
______ C:\WINDOWS\UMCSTUB.EXE (584)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (800)
______ C:\Program Files\Fiberlink\Extend360\VPNSentry.exe (1800)
______ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (3384)
______ C:\WINDOWS\Explorer.EXE (2756)
______ C:\PROGRA~1\SYMANT~1\VPTray.exe (3056)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (172)
______ C:\WINDOWS\system32\RunDLL32.exe (684)
______ C:\WINDOWS\system32\rundll32.exe (692)
______ C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe (880)
______ C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (616)
______ C:\Program Files\Common Files\Symantec Shared\ccApp.exe (2144)
______ C:\WINDOWS\system32\WLTRAY.exe (2652)
______ C:\WINDOWS\system32\dwwin.exe (2468)
______ C:\Program Files\OpenAFS\Client\Program\afscreds.exe (3252)
______ C:\Apps\GoScreen\goScreen.exe (3444)
______ c:\progra~1\intern~1\iexplore.exe (2204)
______ C:\WINDOWS\system32\wuauclt.exe (3932)
______ C:\Documents and Settings\ngtabcs\Desktop\Rooter.exe (3336)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:8225280 | Length:60011642880)
\Device\Harddisk0\Partition0 (Start_Offset:60019868160 | Length:60011642880)
\Device\Harddisk0\Partition2 (Start_Offset:60019900416 | Length:10742183424)
\Device\Harddisk0\Partition0 (Start_Offset:70762083840 | Length:10742215680)
\Device\Harddisk0\Partition3 (Start_Offset:70762116096 | Length:10742183424)
\Device\Harddisk0\Partition0 (Start_Offset:81504299520 | Length:38527211520)
\Device\Harddisk0\Partition4 (Start_Offset:81504331776 | Length:38527179264)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:20.18
.
C:\Rooter$\Rooter_1.txt - (30/10/2009 | 23:20.18)



NoMD5 Log
NoMD5Sys by jpshortstuff (29.10.09.1)
Log created at 23:22 on 30/10/2009 (NGTABCS)

C:\pagefile.sys
----------------------------------------
C:\WINDOWS\system32\drivers\safeboot.sys
----------------------------------------
C:\WINDOWS\system32\drivers\safeboot.sys [Unable to get md5 : 30267 bytes]
C:\Winnt\system32\drivers\safeboot.sys
----------------------------------------
C:\WINDOWS\system32\drivers\safeboot.sys [Unable to get md5 : 30267 bytes]

-=E.O.F=-


CKScanner Log
CKScanner - Additional Security Risks - These are not necessarily bad
c:\apps\cygwin\bin\ssh-keygen.exe
c:\apps\cygwin\usr\man\man1\ssh-keygen.1
scanner sequence 3.AA.11
----- EOF -----



RootRepeal Log
I got the below errors while running the RootRepeal tool:
could not read boot sector. Try adjusting the disk access level in the options dialog
Could not read system registry. Please contact the author


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 23:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF20B8000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF67B8000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBEBE6000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xfc62fad0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\drivers\RapDrv.sys" at address 0xbfac591e

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\SbPrcCtl.SYS" at address 0xf675c9b1

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\RapDrv.sys" at address 0xbfac52c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xf24fccc0

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\drivers\RapDrv.sys" at address 0xbfac5a68

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\RapDrv.sys" at address 0xbfac52d2

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0xfc5ada80

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0xfc5b8c10

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xf24fcf20

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\drivers\RapDrv.sys" at address 0xbfac5162

==EOF==


OTL Log
I got the below error while running the OTL tool:

invalid time flag! [md5]
Must be numerical

Rorschach112
delete OTL and re-download it and run it again

should work now
Vamsee
Thank you... OTL hasn't finished scanning for the past hour. It is running "Manual File Scan - Looking in folder: " again and again. Do you want me to let it continue? Please advise.
Vamsee
Below are OTL.txt and extras.txt

OTL.txt
OTL logfile created on: 10/31/2009 7:59:15 PM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\ngtabcs\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.53 Gb Free Space | 63.56% Space Free | Partition Type: NTFS
Drive D: | 35.88 Gb Total Space | 29.18 Gb Free Space | 81.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 973.17 Mb Total Space | 445.48 Mb Free Space | 45.78% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: NGTABCS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
PRC - [2009/02/06 12:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/07/17 08:16:07 | 00,049,212 | ---- | M] (Control Break International) -- C:\Program Files\Safeboot\sbmgrnt.exe
PRC - [2008/04/04 13:48:44 | 02,011,473 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\blackd.exe
PRC - [2007/10/09 20:17:44 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/10/09 20:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 20:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/08/01 12:15:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/27 15:10:10 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/12/14 12:19:04 | 00,844,126 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\RapApp.exe
PRC - [2006/12/14 12:19:04 | 00,426,333 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\vpatch.exe
PRC - [2006/10/16 23:28:56 | 00,372,208 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
PRC - [2006/10/16 23:28:54 | 00,125,936 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afscreds.exe
PRC - [2006/07/19 05:25:56 | 00,507,904 | ---- | M] (Andrei Gourianov) -- C:\Apps\GoScreen\goScreen.exe
PRC - [2006/06/15 01:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 17:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/28 00:33:40 | 00,136,704 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\UMCSTUB.EXE
PRC - [2005/06/24 17:32:24 | 00,258,048 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
PRC - [2005/05/06 17:19:30 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
PRC - [2005/02/22 13:16:14 | 00,087,720 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\Humnmap.exe
PRC - [2005/02/22 12:58:14 | 00,054,952 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\NFS Maestro\expserv.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/01/10 14:21:24 | 00,172,121 | ---- | M] (Symantec) -- C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
PRC - [2004/08/04 00:56:58 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2004/08/04 00:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:56:50 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/07/19 18:00:14 | 00,033,968 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe
PRC - [2004/07/13 22:42:26 | 00,050,344 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
PRC - [2003/11/19 10:29:28 | 00,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
PRC - [2003/03/19 05:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2001/03/16 13:21:52 | 00,208,896 | ---- | M] (AT&T Research Labs Cambridge) -- C:\Program Files\Orl\Vnc\WinVNC.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/07/17 08:16:07 | 00,049,212 | ---- | M] (Control Break International) -- C:\Program Files\Safeboot\sbmgrnt.exe
SRV - [2008/04/04 13:48:44 | 02,011,473 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\blackd.exe
SRV - [2007/10/09 20:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
SRV - [2007/08/01 12:15:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
SRV - [2007/04/13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2007/04/13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SRV - [2006/12/14 12:19:04 | 00,844,126 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\RapApp.exe
SRV - [2006/12/14 12:19:04 | 00,426,333 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\vpatch.exe
SRV - [2006/10/16 23:28:56 | 00,372,208 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
SRV - [2006/06/15 01:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
SRV - [2006/06/15 01:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
SRV - [2006/06/15 01:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
SRV - [2006/03/24 17:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SRV - [2006/03/24 17:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
SRV - [2006/01/24 20:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SRV - [2005/09/28 00:33:40 | 00,136,704 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\UMCSTUB.EXE
SRV - [2005/09/23 07:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
SRV - [2005/06/24 17:32:24 | 00,258,048 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
SRV - [2005/05/06 17:19:30 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
SRV - [2005/02/22 13:16:14 | 00,087,720 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\Humnmap.exe
SRV - [2005/02/22 12:58:14 | 00,054,952 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\System32\Hummingbird\Connectivity\10.00\NFS Maestro\expserv.exe
SRV - [2005/02/10 13:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
SRV - [2004/08/04 00:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2004/07/13 22:42:26 | 00,050,344 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
SRV - [2003/11/19 10:29:28 | 00,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
SRV - [2003/08/06 12:18:12 | 00,073,728 | ---- | M] () -- C:\WINDOWS\LIC98RMTD.exe
SRV - [2003/08/06 12:18:10 | 00,073,728 | ---- | M] () -- C:\WINDOWS\LIC98RMT.exe
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2003/03/19 05:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
SRV - [2001/05/17 18:49:38 | 00,101,136 | ---- | M] () -- C:\Apps\Orawin8\Bin\Onrsd80.exe
SRV - [2001/03/16 13:21:52 | 00,208,896 | ---- | M] (AT&T Research Labs Cambridge) -- C:\Program Files\Orl\Vnc\WinVNC.exe


========== Modules (SafeList) ==========

MOD - [2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
MOD - [2006/08/25 08:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http-proxy.ae.ge.com:80


[2009/06/02 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Mozilla\eclipse1\extensions
[2009/06/02 23:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Mozilla\eclipse1\extensions

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (SupportCentral) - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCToolBar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AuditMode] C:\sysprep\factory.exe File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CA-AMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [InvokeSysInfoJob] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NFSUserSIDGSSLink] C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe (Hummingbird Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBMGRNT.EXE] C:\Program Files\Safeboot\sbmgrnt.exe (Control Break International)
O4 - HKLM..\Run: [SDJobCheck] C:\Program Files\Ca\Unicenter Software Delivery\Bin\triggusr.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueCrypt] C:\WINDOWS\system32\GE\Scripts\tcmount.bat ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\ORL\VNC\WinVNC.exe (AT&T Research Labs Cambridge)
O4 - HKCU..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/Checkit.vbs ()
O4 - HKCU..\Run: [DailyUpdate] C:\Apps\bin\Daily_Update_Utility.bat ()
O4 - HKCU..\Run: [ttool] C:\WINDOWS\sslsfil.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\IconAC76BA86.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe (OpenAFS Project)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\goScreen.lnk = C:\Apps\GoScreen\goScreen.exe (Andrei Gourianov)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk = C:\WINDOWS\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nodrivetypeautorun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nodrives = 1024
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SB_NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe (General Electric)
O9 - Extra 'Tools' menuitem : Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe (General Electric)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} http://americascomm04.ge.com/sametime/STMe...STJNILoader.cab (JNILoader Control)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://emeetings.webex.com/client/T26L10NS...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Sametime MRC 651FP1 http://americascomm04.ge.com/sametime/stme...gRoomClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fn.ae.ge.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AfsLogon: DllName - C:\WINDOWS\system32\afslogon.dll - C:\WINDOWS\system32\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\KFWLogon: DllName - C:\WINDOWS\system32\afslogon.dll - C:\WINDOWS\system32\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/21 23:33:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/05/11 18:13:39 | 00,000,279 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/21 23:33:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - Services: "wltrysvc"
MsConfig - Services: "winvnc"
MsConfig - Services: "VPatch"
MsConfig - Services: "TransarcAFSDaemon"
MsConfig - Services: "Symantec AntiVirus"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "ServiceMgr"
MsConfig - Services: "SDService"
MsConfig - Services: "SavRoam"
MsConfig - Services: "SafeBootConfigurationManager"
MsConfig - Services: "RapApp"
MsConfig - Services: "ose"
MsConfig - Services: "OracleClientCache80"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HumNamemapping"
MsConfig - Services: "HCLInetd"
MsConfig - Services: "HCLExport"
MsConfig - Services: "FiberlinkMonitor"
MsConfig - Services: "DefWatch"
MsConfig - Services: "CVPND"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "CA_LIC_SRVR"
MsConfig - Services: "CA_LIC_CLNT"
MsConfig - Services: "BlackICE"
MsConfig - Services: "AmoAgent"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 0



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10C51C61-FCE5-462C-88C2-2EC3A7F42A86} - C:\WINDOWS\System32\msiexec.exe /i C:\WINDOWS\Options\Packages\CoreApps\GETemplates\GETemplatesGEAE.msi /qb!
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1D2908F4-2CC5-4F72-BAFF-9026CF04C227} - %systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {257AC5ED-A013-4E10-B3C0-099F5E8D8FC2} - %Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn
ActiveX: {27B3FC9C-0096-4590-85B5-FF334D432C8D} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.msi Transforms="C:\WINDOWS\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.mst" /qn
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3248F0A8-6813-11D6-A77B-00B0D0150100} - C:\\Windows\\Options\\Packages\\CoreApps\\Java_1.5_Update_10\\Java1.5_Update10_UserUpdate.exe
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4B4E10D1-F1C9-4AB7-8A5E-C1C6EFB18CF2} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\TrueCrypt4.2a\TrueCrypt42a.msi /qb!
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {563AEAB7-BBF1-42D9-9D92-1C777806BECF} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\customsettings\geaecustset4.msi /qb!
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0} - C:\Windows\system32\msiexec.exe /faum {5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0} /qn
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - Security Update for Microsoft .NET Framework 2.0 (KB928365)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AC76BA86-7AD7-1033-7B44-A81200000003} - msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF2EEAD4-1634-478A-9653-D1A6ADAB22A3} - C:\Windows\system32\msiexec.exe /f {EF2EEAD4-1634-478A-9653-D1A6ADAB22A3} /qn
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/31 19:27:47 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
[2009/10/30 17:56:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/30 17:56:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/30 17:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/30 17:55:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 17:46:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\index.php_files
[2009/10/30 17:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/30 17:34:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\virusTools
[2009/10/30 09:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\backups
[2009/10/29 23:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Application Data\U3
[2009/10/29 23:12:52 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ngtabcs\Desktop\HijackThis.exe
[2009/10/29 20:29:07 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009/10/29 20:29:06 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2009/10/29 20:28:51 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2009/10/29 20:28:50 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2009/10/29 20:28:32 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2009/10/29 20:28:32 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2009/10/29 20:28:28 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2009/10/29 20:28:23 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2009/10/29 20:28:15 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2009/10/29 20:28:15 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2009/10/29 20:28:15 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2009/10/29 20:28:13 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2009/10/29 20:28:12 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2009/10/29 20:28:12 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2009/10/29 20:28:11 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2009/10/29 20:28:07 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2009/10/29 20:28:06 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2009/10/29 20:28:06 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2009/10/29 20:28:06 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2009/10/29 20:28:01 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2009/10/29 20:27:58 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2009/10/29 20:27:57 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2009/10/29 20:27:57 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2009/10/29 20:27:52 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2009/10/29 20:27:52 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2009/10/29 20:27:52 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2009/10/29 20:27:52 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2009/10/29 20:27:52 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2009/10/29 20:27:52 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2009/10/29 20:27:48 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2009/10/29 20:27:46 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2009/10/29 20:27:46 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2009/10/29 20:27:45 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009/10/29 20:27:45 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2009/10/29 20:27:44 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2009/10/29 20:27:41 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2009/10/29 20:27:41 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2009/10/29 20:27:36 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2009/10/29 20:27:36 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2009/10/29 20:27:35 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2009/10/29 20:27:35 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2009/10/29 20:27:32 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2009/10/29 20:27:27 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2009/10/29 20:27:21 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2009/10/29 20:27:21 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2009/10/29 20:27:20 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2009/10/29 20:27:20 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2009/10/29 20:27:20 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2009/10/29 20:27:13 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2009/10/29 20:27:12 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2009/10/29 20:27:12 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2009/10/29 20:27:11 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2009/10/29 20:27:05 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2009/10/29 20:27:05 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2009/10/29 20:27:04 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2009/10/29 20:27:04 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2009/10/29 20:27:00 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2009/10/29 20:26:57 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2009/10/29 20:26:57 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2009/10/29 20:26:54 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2009/10/29 20:26:54 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2009/10/29 20:26:54 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2009/10/29 20:26:54 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2009/10/29 20:26:54 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2009/10/29 20:26:53 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2009/10/29 20:26:53 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2009/10/29 20:26:53 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2009/10/29 20:26:53 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2009/10/29 20:26:52 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2009/10/29 20:26:52 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2009/10/29 20:26:51 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009/10/29 20:26:51 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009/10/29 20:26:49 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2009/10/29 20:26:49 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2009/10/29 20:26:48 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2009/10/29 20:26:46 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009/10/29 20:26:45 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2009/10/29 20:26:44 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2009/10/29 20:26:38 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2009/10/29 20:26:38 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2009/10/29 20:26:33 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2009/10/29 20:26:33 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2009/10/29 20:26:32 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2009/10/29 20:26:30 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2009/10/29 20:26:21 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2009/10/29 20:26:21 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2009/10/29 20:26:20 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2009/10/29 20:26:19 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2009/10/29 20:26:19 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2009/10/29 20:26:16 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2009/10/29 20:26:15 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2009/10/29 20:26:15 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2009/10/29 20:26:15 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2009/10/29 20:26:05 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2009/10/29 20:26:02 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/10/29 20:26:02 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2009/10/29 20:26:01 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/10/29 20:26:00 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/10/29 20:25:56 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/10/29 20:25:55 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/10/29 20:25:53 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/10/29 20:25:53 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/10/29 20:25:53 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/10/29 20:25:53 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/10/29 20:25:53 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/10/29 20:25:53 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/10/29 20:25:52 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2009/10/29 20:25:52 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/10/29 20:25:52 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2009/10/29 20:25:51 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/10/29 20:25:51 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/10/29 20:25:50 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/10/29 20:25:23 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2009/10/29 20:25:10 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/10/29 20:25:06 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/10/29 20:25:06 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/10/29 20:25:05 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/10/29 20:25:05 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/10/29 20:25:05 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/10/29 20:25:05 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/10/29 20:25:02 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/10/29 20:25:02 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/10/29 20:25:02 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/10/29 20:25:01 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/10/29 20:25:00 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/10/29 20:25:00 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/10/29 20:24:46 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/10/29 20:24:42 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/10/29 20:24:28 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/10/29 20:24:09 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2009/10/29 20:24:09 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2009/10/29 20:24:02 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/10/29 20:24:02 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/10/29 20:24:02 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/10/29 20:23:58 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/10/29 20:23:54 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/10/29 20:23:53 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/10/29 20:23:52 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/10/29 20:23:51 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/10/29 20:23:51 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/10/29 20:23:50 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/10/29 20:23:47 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/10/29 20:23:46 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/10/29 20:23:46 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/10/29 20:23:43 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/10/29 20:23:43 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/10/29 20:23:42 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/10/29 20:23:42 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/10/29 20:23:40 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/10/29 20:23:29 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/10/29 20:23:26 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/10/29 20:23:23 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/10/29 20:23:22 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/10/29 20:23:22 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/10/29 20:23:21 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/10/29 20:23:21 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/10/29 20:23:21 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/10/29 20:23:21 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/10/29 20:23:19 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/10/29 20:23:15 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/10/29 20:23:14 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/10/29 20:23:13 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/10/29 20:23:06 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/10/29 20:23:06 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/10/29 20:23:06 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/10/29 20:23:05 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/10/29 20:23:05 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/10/29 20:23:05 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/10/29 20:23:05 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/10/29 20:23:04 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/10/29 20:23:03 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/10/29 20:23:02 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/10/29 20:22:56 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/10/29 20:22:53 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/10/29 20:22:49 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/10/29 20:22:48 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/10/29 20:22:48 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/10/29 20:22:48 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/10/29 20:22:48 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/10/29 20:22:47 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/10/29 20:22:47 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/10/29 20:22:46 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/10/29 20:22:46 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/10/29 20:22:46 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/10/29 20:22:45 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/10/29 20:22:30 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/10/29 20:22:30 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/10/29 20:22:30 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/10/29 20:22:30 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/10/29 20:22:30 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/10/29 20:22:30 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/10/29 20:22:29 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/10/29 20:22:29 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/10/29 20:22:28 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/10/29 20:22:28 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/10/29 20:22:28 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/10/29 20:22:28 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/10/29 20:22:27 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/10/29 20:22:27 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/10/29 20:22:27 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/10/29 20:22:27 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/10/29 20:22:27 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/10/29 20:22:27 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/10/29 20:22:25 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/10/29 20:22:23 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/10/29 20:22:23 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/10/29 20:22:23 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/10/29 20:22:22 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/10/29 20:22:22 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/10/29 20:22:22 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/10/29 20:22:22 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/10/29 20:22:02 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/10/29 20:22:01 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/10/29 20:21:57 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/10/29 20:21:48 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/10/29 20:21:47 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/10/29 20:21:47 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/10/29 20:21:47 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/10/29 20:21:46 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/10/29 20:21:46 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/10/29 20:21:45 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/10/29 20:21:44 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/10/29 20:21:43 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/10/29 20:21:43 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/10/29 20:21:42 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/10/29 20:21:42 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/10/29 20:21:41 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/10/28 19:58:28 | 00,062,208 | ---- | C] (GoldWave Inc.) -- C:\WINDOWS\sslsfil_old.exe

========== Files - Modified Within 14 Days ==========

[2009/10/31 19:27:45 | 00,421,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
[2009/10/31 00:47:48 | 00,475,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/31 00:47:48 | 00,404,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/31 00:47:48 | 00,063,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/31 00:45:37 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk
[2009/10/31 00:45:36 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk
[2009/10/31 00:45:34 | 00,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/31 00:43:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 00:42:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 00:38:01 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\ngtabcs\ntuser.dat
[2009/10/31 00:30:35 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/31 00:30:35 | 00,000,239 | RHS- | M] () -- C:\boot.ini
[2009/10/31 00:30:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2009/10/30 17:56:42 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 17:44:48 | 00,037,170 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\index.php.htm
[2009/10/30 17:36:36 | 00,000,773 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/30 17:36:31 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\NTREGOPT.lnk
[2009/10/30 17:36:31 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\ERUNT.lnk
[2009/10/30 17:19:34 | 00,464,491 | ---- | M] () -- C:\RootRepeal.zip
[2009/10/30 09:30:04 | 00,421,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2009/10/29 23:03:02 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ngtabcs\ntuser.ini
[2009/10/29 22:03:24 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ngtabcs\Desktop\HijackThis.exe
[2009/10/29 18:13:50 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\VPN Client.lnk
[2009/10/29 02:17:12 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2009/10/29 01:03:11 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2009/10/29 01:00:00 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2009/10/29 00:00:08 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2009/10/29 00:00:07 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2009/10/28 20:44:31 | 00,117,676 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_3.reg
[2009/10/28 20:44:04 | 00,081,856 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_2.reg
[2009/10/28 20:42:23 | 00,117,900 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2.reg
[2009/10/28 19:58:26 | 00,062,208 | ---- | M] (GoldWave Inc.) -- C:\WINDOWS\sslsfil_old.exe
[2009/10/28 19:55:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/27 17:29:18 | 00,003,858 | -H-- | M] () -- D:\Users\NGTABCS\My Documents\Default.rdp
[2009/10/25 10:50:19 | 00,066,852 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\target_photo.pdf
[2009/10/25 10:50:16 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\hitefaki
[2009/10/30 23:28:14 | 00,464,491 | ---- | C] () -- C:\RootRepeal.zip
[2009/10/30 17:56:42 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 17:46:21 | 00,037,170 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\index.php.htm
[2009/10/30 17:36:36 | 00,000,773 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/30 17:36:31 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\NTREGOPT.lnk
[2009/10/30 17:36:31 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\ERUNT.lnk
[2009/10/30 01:55:03 | 00,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk
[2009/10/30 01:55:03 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/30 01:55:03 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk
[2009/10/30 01:55:03 | 00,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\goScreen.lnk
[2009/10/29 20:29:06 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2009/10/29 20:29:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009/10/29 20:26:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009/10/29 20:26:31 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009/10/29 20:25:28 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009/10/29 20:24:09 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2009/10/29 20:24:09 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2009/10/29 20:24:09 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2009/10/29 20:24:08 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2009/10/29 20:24:08 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2009/10/29 20:23:22 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/10/29 20:23:21 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/10/29 20:23:21 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/10/29 20:22:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/10/29 20:22:16 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/10/29 20:22:15 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/10/29 20:22:14 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/10/29 20:22:14 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/10/29 20:22:14 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/10/29 20:22:13 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/10/29 20:22:13 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/10/29 20:22:13 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/10/29 20:22:08 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/10/28 20:44:31 | 00,117,676 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_3.reg
[2009/10/28 20:44:04 | 00,081,856 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_2.reg
[2009/10/28 20:42:23 | 00,117,900 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2.reg
[2009/10/25 10:50:16 | 00,066,852 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\target_photo.pdf
[2009/08/03 14:00:47 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\ILM-Lite.dll
[2009/08/03 14:00:47 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\ILM.dll
[2009/08/03 14:00:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ILMcrypt.dll
[2009/06/03 11:03:43 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/06/03 11:00:53 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/06/03 11:00:53 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/03/26 00:54:46 | 00,000,114 | -H-- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\srfvdo.dat
[2009/03/22 11:26:59 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\muralowu.dll
[2009/03/22 11:26:58 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\tavagato.dll
[2009/03/21 23:25:57 | 01,821,905 | -HS- | C] () -- C:\WINDOWS\System32\oyegiway.ini
[2009/03/21 11:25:32 | 01,821,914 | -HS- | C] () -- C:\WINDOWS\System32\umijiwot.ini
[2009/03/20 23:25:07 | 01,821,905 | -HS- | C] () -- C:\WINDOWS\System32\ebumavis.ini
[2009/03/14 07:31:20 | 01,714,486 | -HS- | C] () -- C:\WINDOWS\System32\idatonus.ini
[2009/03/04 03:22:46 | 01,628,553 | -HS- | C] () -- C:\WINDOWS\System32\umedujod.ini
[2009/03/04 03:17:19 | 01,544,926 | -HS- | C] () -- C:\WINDOWS\System32\akahoves.ini
[2009/02/24 11:49:59 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ekomupaf.ini
[2009/02/21 14:54:54 | 01,572,709 | -HS- | C] () -- C:\WINDOWS\System32\itehivol.ini
[2009/02/21 02:54:43 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\ajotodul.ini
[2009/02/20 01:31:00 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\idalapey.ini
[2009/02/17 19:15:07 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\umopovus.ini
[2009/02/16 09:49:31 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\evuvipek.ini
[2009/01/28 00:41:13 | 01,595,256 | -HS- | C] () -- C:\WINDOWS\System32\eyazeded.ini
[2009/01/21 21:58:05 | 01,390,370 | -HS- | C] () -- C:\WINDOWS\System32\izatopiw.ini
[2009/01/18 23:58:12 | 01,359,037 | -HS- | C] () -- C:\WINDOWS\System32\epejeviw.ini
[2009/01/13 22:05:13 | 01,303,104 | -HS- | C] () -- C:\WINDOWS\System32\ulajinew.ini
[2009/01/13 01:35:48 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ozozosal.ini
[2009/01/08 20:20:28 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\avoguvup.ini
[2008/12/28 11:50:33 | 01,261,704 | -HS- | C] () -- C:\WINDOWS\System32\ozagejir.ini
[2008/11/30 14:35:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/07 10:48:25 | 00,000,117 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\sstore.txt
[2008/07/31 14:01:38 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Local Settings\Application Data\fusioncache.dat
[2008/07/31 13:41:56 | 00,000,056 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\sstoreID.txt
[2008/07/29 15:00:57 | 04,323,176 | -H-- | C] () -- C:\Documents and Settings\ngtabcs\Local Settings\Application Data\IconCache.db
[2008/07/29 13:42:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\desktop.ini
[2008/07/17 08:16:05 | 00,030,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2008/07/17 08:04:11 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CAI.INI
[2008/07/15 14:43:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/15 14:43:51 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/15 14:35:21 | 00,000,664 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/15 14:35:21 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/07/15 14:31:26 | 00,000,131 | ---- | C] () -- C:\WINDOWS\bisfax.ini
[2008/07/15 13:20:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 06:27:05 | 00,001,126 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/21 19:22:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/08/01 12:15:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/01 12:15:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/01 12:15:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/01 12:15:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/18 14:49:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/09 10:09:36 | 00,009,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3GDevice.xml
[2005/05/06 18:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/02/10 13:17:50 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/10 13:10:22 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/06/29 16:26:44 | 00,978,944 | ---- | C] () -- C:\WINDOWS\System32\imslsmp_dll.dll
[2004/06/29 16:26:42 | 19,804,160 | ---- | C] () -- C:\WINDOWS\System32\imsl_dll.dll
[2004/06/29 16:26:42 | 00,864,256 | ---- | C] () -- C:\WINDOWS\System32\imslblas_dll.dll
[2004/06/29 16:26:42 | 00,827,392 | ---- | C] () -- C:\WINDOWS\System32\imslscalar_dll.dll
[2003/08/06 15:46:32 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\jacob.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/27 12:39:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SCToolBar.dll
[2001/08/23 13:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/10/22 07:20:10 | 00,254,464 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt2x.dll
[1998/09/21 16:16:00 | 00,000,167 | ---- | C] () -- C:\WINDOWS\Mtb12.ini

========== LOP Check ==========

[2008/07/15 14:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiberlink
[2008/07/15 14:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hummingbird
[2009/10/25 10:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/08/07 11:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2008/09/16 22:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\CyberLink
[2009/03/22 13:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\HouseCall 6.6
[2009/06/11 13:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Hummingbird
[2009/06/03 11:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\pdf995
[2009/06/03 10:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Sametime
[2008/08/01 16:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\SQL Developer
[2008/08/29 10:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\TextPad
[2009/10/30 02:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\U3
[2009/10/04 19:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\webex
[2009/10/29 00:00:07 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2009/10/29 01:00:00 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2009/10/29 02:17:12 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2009/10/29 00:00:08 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2009/10/29 01:03:11 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/10/30 23:00:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2009/10/30 04:30:02 | 00,000,384 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2001/08/23 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 00:43:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/09/10 14:43:22 | 00,028,789 | ---- | M] () MD5=24BE3B300952EAE96EA756139B450948 -- C:\Apps\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Winnt\system32\eventlog.dll
[2004/08/04 00:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Winnt\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Winnt\system32\scecli.dll
[2004/08/04 00:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Winnt\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Winnt\system32\netlogon.dll
[2004/08/04 00:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Winnt\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys
[2006/01/16 21:12:16 | 00,824,960 | ---- | M] () MD5=DFA47426ABB8311EBE33145790F8D179 -- C:\WINDOWS\Options\XP Source\I386\WIN9XMIG\PRINT\SBSINF\iastor.sys
[2007/07/24 17:39:28 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/01/16 21:12:16 | 00,824,960 | ---- | M] () MD5=DFA47426ABB8311EBE33145790F8D179 -- C:\Winnt\Options\XP Source\I386\WIN9XMIG\PRINT\SBSINF\iastor.sys
[2007/07/24 17:39:28 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Winnt\system32\drivers\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 19:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 19:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/03 19:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Winnt\system32\dllcache\agp440.sys
[2004/08/03 19:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Winnt\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

Extras.txt

OTL Extras logfile created on: 10/31/2009 7:59:15 PM - Run 1
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\ngtabcs\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.53 Gb Free Space | 63.56% Space Free | Partition Type: NTFS
Drive D: | 35.88 Gb Total Space | 29.18 Gb Free Space | 81.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 5.49 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 973.17 Mb Total Space | 445.48 Mb Free Space | 45.78% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: NGTABCS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5556:TCP" = 5556:TCP:*:Enabled:SafeBoot
"7001:UDP" = 7001:UDP:*:Enabled:AFS CacheManager Callback (UDP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5556:TCP" = 5556:TCP:*:Enabled:SafeBoot
"7001:UDP" = 7001:UDP:*:Enabled:AFS CacheManager Callback (UDP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{06624881-CF7D-4F8A-86C0-5114B122E776}" = Cisco Systems VPN Client 4.6.02.0011
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0DC7EA8D-804E-4797-8EA1-7680FB2A2AEB}" = Wireless Selector V1.0
"{10C51C61-FCE5-462C-88C2-2EC3A7F42A86}" = GE Aviation Office Templates
"{11B113CF-671B-49C1-AFA5-FBA9D0AE2777}" = Microsoft Visual Studio 2005 Remote Debugger - ENU
"{17432220-6A5F-11D4-8D47-00400553F055}" = PBDK v6.5
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1842BFCD-601D-4A3B-AD51-48BEA48D17A1}" = S&P Polices Screen Saver
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}" = PC Info
"{1F0005A5-1921-4F2E-B9AE-23F9D82BD6BD}" = PowerDVD 5.7
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{27B3FC9C-0096-4590-85B5-FF334D432C8D}" = Mekko Graphics
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{4A321ABA-4FC6-4966-950C-8F68A6078540}" = GE Fonts Version 5
"{4AA455FB-BFEE-473C-AA0E-4FDA505F6FB7}" = IBM Lotus Sametime Connect 7.5
"{4B4E10D1-F1C9-4AB7-8A5E-C1C6EFB18CF2}" = TrueCrypt
"{4C606B94-E4FA-4234-9324-A7D6ECC8DC9B}" = Microsoft Office Converter Pack
"{4F0597D3-02A8-4008-9F15-36EAEB0DE81A}" = Cygwin 1.3.12 M
"{511F65B3-64DB-4C05-88E1-9C3C92A9B2E1}" = PerlDirect 5.8.4
"{527A5175-4B90-4050-BB12-24D90EF159D5}" = Sametime
"{563AEAB7-BBF1-42D9-9D92-1C777806BECF}" = GEAE Custom Settings
"{596EF7C4-9DBE-11D6-8D97-00400553F055}" = MiniTab
"{5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0}" = Support Central Toolbar for Internet Explorer
"{5B63758B-A0C8-4DDD-9584-714E6D0D9A73}" = ActiveState ActiveTCL 8.4.9.1
"{5E17E4DC-E5E3-465D-8906-74A81C94CC88}" = Oracle v8.0.6 Support Files
"{5FEC169B-B5CC-4D31-A71A-4AD057947A31}" = Hummingbird NFS Maestro Solo 10
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A7E20D9-7422-4AB9-B24D-0053127B1FC9}" = Microsoft Visual Studio .Net Pro. 2003 - GE Environment Variables & Shortcuts
"{6DE0577F-09AF-447C-A278-94B3C0122E18}" = PBDK v7.03
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{71F980C4-72F9-4183-8AA2-80D834E9A713}" = Java Run-time Environment v1.3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{774BB298-5233-4538-819A-663CC728D1CD}" = Inspira Fonts v2.0
"{77D130B1-AB6D-454F-B14E-C88A80265CC1}" = Hive Loader
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{8574000D-08DC-4E10-A2A4-582CAD387AF3}" = SwiftView
"{8A7BFD12-6327-422F-9F81-F3F477A1F4DB}" = SD Catalog Win32 ENU
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{9FB5A12C-9F1D-4B76-9435-1FC013CDA50F}" = GE - Establish GEI - Aviation ATW Environment
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A612905F-CB7A-4CDB-B5FA-3A68A5553113}" = IE Trusted Sites
"{A6B14EE9-86DC-4244-8BC3-A273B0C1B02D}" = Visual Studio .NET MSDN
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF6ADF1-8A69-4BBF-84C1-702253B1F32B}" = Cisco VPN Profiles
"{ADB3BD26-F026-40B7-9A03-AC9B0F28567E}" = Java Run-time Environment v1.3.0_02
"{B0202F89-B310-4E58-A1C5-FB38BFB55052}" = UG NX 4.0.4.2
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B3A51E4B-F165-4930-A1BD-3A9B519BC1D8}" = Hummingbird Exceed 10
"{B49839FD-D973-421B-9474-9E789BBC74D1}" = WinVNC 3.3.3
"{B9F6AADF-74A7-4B6F-B303-22E71B294F99}" = SysInfoTool
"{BB78F437-A096-4297-A7D5-9AC1BB289404}" = Extend360
"{BF6BB379-F165-4393-9BC5-E8AF83060FBF}" = Software Store 3.0
"{BF9B6086-365C-4854-968C-AC2BA7D60264}" = TSG IE Proxy Button
"{C3B37969-DF17-4299-AA89-2FB4633063E2}" = Java Run-time Environment v1.4.1_02
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1DD3F19-95C1-45E5-9940-4403BFA48C4F}" = CA Client for TSG
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7537113-A954-4F32-8D6D-D2AB0D1B71BD}" = OpenAFS for Windows
"{E35506EC-F1B6-46F1-B176-595EA27CC3C0}" = GoScreen
"{EF2EEAD4-1634-478A-9653-D1A6ADAB22A3}" = TextPad
"{F76988DB-A846-4B3F-ACAB-A22F8B46B478}" = FAXCOM Suite for Windows Client
"{F8CF51E0-F6E3-4468-AB07-CE4A5661E100}" = SDUser
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CA UAM Agent For PCs" = CA UAM Agent For PCs
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2005 Remote Debugger - ENU" = Microsoft Visual Studio 2005 Remote Debugger - ENU
"NVIDIA Drivers" = NVIDIA Drivers
"Pdf995" = Pdf995
"SynTPDeinstKey" = Dell Touchpad
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2009 12:45:01 AM | Computer Name = OFFICE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/31/2009 12:45:03 AM | Computer Name = OFFICE | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 10/31/2009 12:45:14 AM | Computer Name = OFFICE | Source = UserInit | ID = 1000
Description = Could not execute the following script CAUnicenterR11CheckV4.vbs.
The system cannot find the file specified. .

Error - 10/31/2009 12:45:14 AM | Computer Name = OFFICE | Source = UserInit | ID = 1000
Description = Could not execute the following script InfBTimeEnd_v4.vbs. The system
cannot find the file specified. .

Error - 10/31/2009 12:45:34 AM | Computer Name = OFFICE | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.2180, faulting module
unknown, version 0.0.0.0, fault address 0x00bd324c.

Error - 10/31/2009 12:45:51 AM | Computer Name = OFFICE | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.

Error - 10/31/2009 12:45:58 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application afsd_service.exe, version 1.4.206.0, faulting
module afsd_service.exe, version 1.4.206.0, fault address 0x00003358.

Error - 10/31/2009 12:46:03 AM | Computer Name = OFFICE | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 10/31/2009 12:46:07 AM | Computer Name = OFFICE | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.

Error - 10/31/2009 12:53:39 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application afsd_service.exe, version 1.4.206.0, faulting
module afsd_service.exe, version 1.4.206.0, fault address 0x00003358.

[ System Events ]
Error - 10/31/2009 12:06:26 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The OpenAFS Client service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 10/31/2009 12:06:37 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The OpenAFS Client service terminated unexpectedly. It has done this
3 time(s).

Error - 10/31/2009 12:43:16 AM | Computer Name = OFFICE | Source = NETLOGON | ID = 5737
Description = The system returned the following unexpected error code: %%10044

Error - 10/31/2009 12:44:19 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The Net Logon service terminated with the following error: %%10044

Error - 10/31/2009 12:44:19 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%10044

Error - 10/31/2009 12:45:47 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The OpenAFS Client service hung on starting.

Error - 10/31/2009 12:45:48 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The OpenAFS Client service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 10/31/2009 12:45:53 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the OpenAFS Client service, but
this action failed with the following error: %%1056

Error - 10/31/2009 12:53:32 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7031
Description = The OpenAFS Client service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 10/31/2009 7:26:49 PM | Computer Name = OFFICE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
Rorschach112
Hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKCU..\Run: [ttool] C:\WINDOWS\sslsfil.exe File not found
    [2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\hitefaki
    [2009/03/26 00:54:46 | 00,000,114 | -H-- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\srfvdo.dat
    [2009/03/22 11:26:59 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\muralowu.dll
    [2009/03/22 11:26:58 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\tavagato.dll
    [2009/03/21 23:25:57 | 01,821,905 | -HS- | C] () -- C:\WINDOWS\System32\oyegiway.ini
    [2009/03/21 11:25:32 | 01,821,914 | -HS- | C] () -- C:\WINDOWS\System32\umijiwot.ini
    [2009/03/20 23:25:07 | 01,821,905 | -HS- | C] () -- C:\WINDOWS\System32\ebumavis.ini
    [2009/03/14 07:31:20 | 01,714,486 | -HS- | C] () -- C:\WINDOWS\System32\idatonus.ini
    [2009/03/04 03:22:46 | 01,628,553 | -HS- | C] () -- C:\WINDOWS\System32\umedujod.ini
    [2009/03/04 03:17:19 | 01,544,926 | -HS- | C] () -- C:\WINDOWS\System32\akahoves.ini
    [2009/02/24 11:49:59 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ekomupaf.ini
    [2009/02/21 14:54:54 | 01,572,709 | -HS- | C] () -- C:\WINDOWS\System32\itehivol.ini
    [2009/02/21 02:54:43 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\ajotodul.ini
    [2009/02/20 01:31:00 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\idalapey.ini
    [2009/02/17 19:15:07 | 01,544,071 | -HS- | C] () -- C:\WINDOWS\System32\umopovus.ini
    [2009/02/16 09:49:31 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\evuvipek.ini
    [2009/01/28 00:41:13 | 01,595,256 | -HS- | C] () -- C:\WINDOWS\System32\eyazeded.ini
    [2009/01/21 21:58:05 | 01,390,370 | -HS- | C] () -- C:\WINDOWS\System32\izatopiw.ini
    [2009/01/18 23:58:12 | 01,359,037 | -HS- | C] () -- C:\WINDOWS\System32\epejeviw.ini
    [2009/01/13 22:05:13 | 01,303,104 | -HS- | C] () -- C:\WINDOWS\System32\ulajinew.ini
    [2009/01/13 01:35:48 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\ozozosal.ini
    [2009/01/08 20:20:28 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\avoguvup.ini
    [2008/12/28 11:50:33 | 01,261,704 | -HS- | C] () -- C:\WINDOWS\System32\ozagejir.ini

    :Services

    :Reg

    :Files
    C:\WINDOWS\Tasks\At*.job
    c:\apps\cygwin\bin\ssh-keygen.exe
    c:\apps\cygwin\usr\man\man1\ssh-keygen.1
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Vamsee
Below is OTL.txt. Extras.txt is not created.

OTL.txt

OTL logfile created on: 11/1/2009 9:27:07 PM - Run 3
OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\ngtabcs\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 35.49 Gb Free Space | 63.50% Space Free | Partition Type: NTFS
Drive D: | 35.88 Gb Total Space | 29.18 Gb Free Space | 81.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: NGTABCS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/07/17 07:16:07 | 00,049,212 | ---- | M] (Control Break International) -- C:\Program Files\Safeboot\sbmgrnt.exe
PRC - [2008/04/04 12:48:44 | 02,011,473 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\blackd.exe
PRC - [2008/01/11 21:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/10/09 19:17:44 | 02,183,168 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2007/10/09 19:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2007/10/09 19:17:40 | 01,921,024 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2007/08/01 11:15:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/27 14:10:10 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/12/14 11:19:04 | 00,844,126 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\RapApp.exe
PRC - [2006/12/14 11:19:04 | 00,426,333 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\vpatch.exe
PRC - [2006/11/09 14:07:30 | 00,049,263 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
PRC - [2006/10/16 22:28:54 | 00,125,936 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afscreds.exe
PRC - [2006/07/19 04:25:56 | 00,507,904 | ---- | M] (Andrei Gourianov) -- C:\Apps\GoScreen\goScreen.exe
PRC - [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 00:40:34 | 00,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 16:14:48 | 00,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/01/25 06:58:40 | 00,646,144 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Ca\Unicenter Asset Management\Agents\UMCLISVC.EXE
PRC - [2005/12/09 19:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/27 23:33:40 | 00,136,704 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\UMCSTUB.EXE
PRC - [2005/06/24 16:32:24 | 00,258,048 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
PRC - [2005/05/06 16:19:30 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
PRC - [2005/02/22 12:16:14 | 00,087,720 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\Humnmap.exe
PRC - [2005/02/22 11:58:14 | 00,054,952 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\NFS Maestro\expserv.exe
PRC - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2005/01/10 13:21:24 | 00,172,121 | ---- | M] (Symantec) -- C:\Program Files\Fiberlink\Extend360\VPNSentry.exe
PRC - [2004/08/03 23:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/03 23:56:52 | 00,093,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/03 23:56:50 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/08/03 23:56:50 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dumprep.exe
PRC - [2004/07/19 17:00:14 | 00,033,968 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe
PRC - [2004/07/13 21:42:26 | 00,050,344 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
PRC - [2003/11/19 09:29:28 | 00,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
PRC - [2003/03/19 04:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2001/03/16 12:21:52 | 00,208,896 | ---- | M] (AT&T Research Labs Cambridge) -- C:\Program Files\Orl\Vnc\WinVNC.exe


========== Win32 Services (SafeList) ==========

SRV - [2008/07/17 07:16:07 | 00,049,212 | ---- | M] (Control Break International) -- C:\Program Files\Safeboot\sbmgrnt.exe
SRV - [2008/04/04 12:48:44 | 02,011,473 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\blackd.exe
SRV - [2007/10/09 19:17:44 | 00,024,064 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
SRV - [2007/08/01 11:15:00 | 00,155,717 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
SRV - [2007/04/13 02:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
SRV - [2007/04/13 02:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SRV - [2006/12/14 11:19:04 | 00,844,126 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\RapApp.exe
SRV - [2006/12/14 11:19:04 | 00,426,333 | ---- | M] (Internet Security Systems, Inc.) -- C:\Program Files\Blackice\vpatch.exe
SRV - [2006/10/16 22:28:56 | 00,372,208 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
SRV - [2006/06/15 00:40:28 | 00,115,952 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
SRV - [2006/06/15 00:40:24 | 01,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
SRV - [2006/06/15 00:40:16 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
SRV - [2006/04/11 16:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
SRV - [2006/03/24 16:14:58 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
SRV - [2006/03/24 16:14:52 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
SRV - [2006/02/23 10:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
SRV - [2006/01/24 19:06:58 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SRV - [2005/09/27 23:33:40 | 00,136,704 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\UMCSTUB.EXE
SRV - [2005/09/23 06:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
SRV - [2005/06/24 16:32:24 | 00,258,048 | ---- | M] (Fiberlink Communications Corp.) -- C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
SRV - [2005/05/06 16:19:30 | 00,065,604 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
SRV - [2005/02/22 12:16:14 | 00,087,720 | ---- | M] (Hummingbird Ltd.) -- C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\Humnmap.exe
SRV - [2005/02/22 11:58:14 | 00,054,952 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\System32\Hummingbird\Connectivity\10.00\NFS Maestro\expserv.exe
SRV - [2005/02/10 12:17:52 | 01,409,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
SRV - [2005/01/28 12:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
SRV - [2004/08/03 23:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
SRV - [2004/07/13 21:42:26 | 00,050,344 | ---- | M] (Hummingbird Ltd.) -- C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
SRV - [2003/11/19 09:29:28 | 00,032,768 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\Ca\Unicenter Software Delivery\Bin\SDServ.exe
SRV - [2003/08/06 11:18:12 | 00,073,728 | ---- | M] () -- C:\WINDOWS\LIC98RMTD.exe
SRV - [2003/08/06 11:18:10 | 00,073,728 | ---- | M] () -- C:\WINDOWS\LIC98RMT.exe
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
SRV - [2003/03/19 04:55:54 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
SRV - [2001/05/17 17:49:38 | 00,101,136 | ---- | M] () -- C:\Apps\Orawin8\Bin\Onrsd80.exe
SRV - [2001/03/16 12:21:52 | 00,208,896 | ---- | M] (AT&T Research Labs Cambridge) -- C:\Program Files\Orl\Vnc\WinVNC.exe


========== Modules (SafeList) ==========

MOD - [2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
MOD - [2006/08/25 07:45:56 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:56:44 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http-proxy.ae.ge.com:80


[2009/06/02 22:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Mozilla\eclipse1\extensions
[2009/06/02 22:12:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Mozilla\eclipse1\extensions

O1 HOSTS File: (0 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (SupportCentral) - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCToolBar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AuditMode] C:\sysprep\factory.exe File not found
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CA-AMAgent] C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [InvokeSysInfoJob] C:\WINDOWS\System32\CMD.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NFSUserSIDGSSLink] C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe (Hummingbird Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SBMGRNT.EXE] C:\Program Files\Safeboot\sbmgrnt.exe (Control Break International)
O4 - HKLM..\Run: [SDJobCheck] C:\Program Files\Ca\Unicenter Software Delivery\Bin\triggusr.exe (Computer Associates International, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueCrypt] C:\WINDOWS\system32\GE\Scripts\tcmount.bat ()
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\ORL\VNC\WinVNC.exe (AT&T Research Labs Cambridge)
O4 - HKCU..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/Checkit.vbs ()
O4 - HKCU..\Run: [DailyUpdate] C:\Apps\bin\Daily_Update_Utility.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\IconAC76BA86.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe (OpenAFS Project)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\goScreen.lnk = C:\Apps\GoScreen\goScreen.exe (Andrei Gourianov)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk = C:\WINDOWS\Installer\{06624881-CF7D-4F8A-86C0-5114B122E776}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nodrivetypeautorun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nodrives = 1024
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SB_NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll (Microsoft Corporation)
O9 - Extra Button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe (General Electric)
O9 - Extra 'Tools' menuitem : Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe (General Electric)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicro.com/housec...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} http://americascomm04.ge.com/sametime/STMe...STJNILoader.cab (JNILoader Control)
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.3.1/...all-131-win.cab (Java Plug-in 1.3.1)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.1_02)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://emeetings.webex.com/client/T26L10NS...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Sametime MRC 651FP1 http://americascomm04.ge.com/sametime/stme...gRoomClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fn.ae.ge.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AfsLogon: DllName - C:\WINDOWS\system32\afslogon.dll - C:\WINDOWS\system32\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\KFWLogon: DllName - C:\WINDOWS\system32\afslogon.dll - C:\WINDOWS\system32\afslogon.dll (OpenAFS Project)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - CLSID or File not found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/21 22:33:49 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bdd9a2f6-e825-11dd-ad4a-001c234b2cb0}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd9a2f6-e825-11dd-ad4a-001c234b2cb0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bdd9a2f6-e825-11dd-ad4a-001c234b2cb0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/21 22:33:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - Services: "wltrysvc"
MsConfig - Services: "winvnc"
MsConfig - Services: "VPatch"
MsConfig - Services: "TransarcAFSDaemon"
MsConfig - Services: "Symantec AntiVirus"
MsConfig - Services: "SPBBCSvc"
MsConfig - Services: "SNDSrvc"
MsConfig - Services: "ServiceMgr"
MsConfig - Services: "SDService"
MsConfig - Services: "SavRoam"
MsConfig - Services: "SafeBootConfigurationManager"
MsConfig - Services: "RapApp"
MsConfig - Services: "ose"
MsConfig - Services: "OracleClientCache80"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HumNamemapping"
MsConfig - Services: "HCLInetd"
MsConfig - Services: "HCLExport"
MsConfig - Services: "FiberlinkMonitor"
MsConfig - Services: "DefWatch"
MsConfig - Services: "CVPND"
MsConfig - Services: "ccSetMgr"
MsConfig - Services: "ccEvtMgr"
MsConfig - Services: "CA_LIC_SRVR"
MsConfig - Services: "CA_LIC_CLNT"
MsConfig - Services: "BlackICE"
MsConfig - Services: "AmoAgent"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 0



ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10C51C61-FCE5-462C-88C2-2EC3A7F42A86} - C:\WINDOWS\System32\msiexec.exe /i C:\WINDOWS\Options\Packages\CoreApps\GETemplates\GETemplatesGEAE.msi /qb!
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1D2908F4-2CC5-4F72-BAFF-9026CF04C227} - %systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {257AC5ED-A013-4E10-B3C0-099F5E8D8FC2} - %Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn
ActiveX: {27B3FC9C-0096-4590-85B5-FF334D432C8D} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.msi Transforms="C:\WINDOWS\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.mst" /qn
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3248F0A8-6813-11D6-A77B-00B0D0150100} - C:\\Windows\\Options\\Packages\\CoreApps\\Java_1.5_Update_10\\Java1.5_Update10_UserUpdate.exe
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4B4E10D1-F1C9-4AB7-8A5E-C1C6EFB18CF2} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\TrueCrypt4.2a\TrueCrypt42a.msi /qb!
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {563AEAB7-BBF1-42D9-9D92-1C777806BECF} - C:\WINDOWS\system32\msiexec.exe /i C:\WINDOWS\options\packages\coreapps\customsettings\geaecustset4.msi /qb!
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0} - C:\Windows\system32\msiexec.exe /faum {5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0} /qn
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} - Security Update for Microsoft .NET Framework 2.0 (KB928365)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8EFA4753-7169-4CC3-A28B-0A1643B8A39B} - Microsoft .NET Framework 1.1 Hotfix (KB886903)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AC76BA86-7AD7-1033-7B44-A81200000003} - msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF2EEAD4-1634-478A-9653-D1A6ADAB22A3} - C:\Windows\system32\msiexec.exe /f {EF2EEAD4-1634-478A-9653-D1A6ADAB22A3} /qn
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/01 21:17:25 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/31 18:27:47 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
[2009/10/30 16:56:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/30 16:56:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/30 16:56:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/30 16:55:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/30 16:46:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\index.php_files
[2009/10/30 16:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/30 16:34:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\virusTools
[2009/10/30 08:34:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Desktop\backups
[2009/10/29 22:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ngtabcs\Application Data\U3
[2009/10/29 22:12:52 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\ngtabcs\Desktop\HijackThis.exe
[2009/10/29 19:29:07 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009/10/29 19:29:06 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2009/10/29 19:28:51 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2009/10/29 19:28:50 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2009/10/29 19:28:32 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2009/10/29 19:28:32 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2009/10/29 19:28:28 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2009/10/29 19:28:23 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2009/10/29 19:28:15 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2009/10/29 19:28:15 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2009/10/29 19:28:15 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2009/10/29 19:28:13 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2009/10/29 19:28:12 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2009/10/29 19:28:12 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2009/10/29 19:28:11 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2009/10/29 19:28:07 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2009/10/29 19:28:06 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2009/10/29 19:28:06 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2009/10/29 19:28:06 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2009/10/29 19:28:01 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2009/10/29 19:27:58 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2009/10/29 19:27:57 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2009/10/29 19:27:57 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2009/10/29 19:27:52 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2009/10/29 19:27:52 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2009/10/29 19:27:52 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2009/10/29 19:27:52 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2009/10/29 19:27:52 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2009/10/29 19:27:52 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2009/10/29 19:27:48 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2009/10/29 19:27:46 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2009/10/29 19:27:46 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2009/10/29 19:27:45 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009/10/29 19:27:45 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2009/10/29 19:27:44 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2009/10/29 19:27:41 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2009/10/29 19:27:41 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2009/10/29 19:27:36 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2009/10/29 19:27:36 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2009/10/29 19:27:35 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2009/10/29 19:27:35 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2009/10/29 19:27:32 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2009/10/29 19:27:27 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2009/10/29 19:27:21 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2009/10/29 19:27:21 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2009/10/29 19:27:20 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2009/10/29 19:27:20 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2009/10/29 19:27:20 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2009/10/29 19:27:13 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2009/10/29 19:27:12 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2009/10/29 19:27:12 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2009/10/29 19:27:11 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2009/10/29 19:27:05 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2009/10/29 19:27:05 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2009/10/29 19:27:04 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2009/10/29 19:27:04 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2009/10/29 19:27:00 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2009/10/29 19:26:57 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2009/10/29 19:26:57 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2009/10/29 19:26:54 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2009/10/29 19:26:54 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2009/10/29 19:26:54 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2009/10/29 19:26:54 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2009/10/29 19:26:54 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2009/10/29 19:26:53 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2009/10/29 19:26:53 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2009/10/29 19:26:53 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2009/10/29 19:26:53 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2009/10/29 19:26:52 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2009/10/29 19:26:52 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2009/10/29 19:26:51 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009/10/29 19:26:51 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009/10/29 19:26:49 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2009/10/29 19:26:49 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2009/10/29 19:26:48 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2009/10/29 19:26:46 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009/10/29 19:26:45 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2009/10/29 19:26:44 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2009/10/29 19:26:38 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2009/10/29 19:26:38 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2009/10/29 19:26:33 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2009/10/29 19:26:33 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2009/10/29 19:26:32 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2009/10/29 19:26:30 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2009/10/29 19:26:21 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2009/10/29 19:26:21 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2009/10/29 19:26:20 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2009/10/29 19:26:19 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2009/10/29 19:26:19 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2009/10/29 19:26:16 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2009/10/29 19:26:15 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2009/10/29 19:26:15 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2009/10/29 19:26:15 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2009/10/29 19:26:05 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2009/10/29 19:26:02 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/10/29 19:26:02 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2009/10/29 19:26:01 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/10/29 19:26:00 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/10/29 19:25:56 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/10/29 19:25:55 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/10/29 19:25:53 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/10/29 19:25:53 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/10/29 19:25:53 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/10/29 19:25:53 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/10/29 19:25:53 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/10/29 19:25:53 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/10/29 19:25:52 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2009/10/29 19:25:52 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/10/29 19:25:52 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2009/10/29 19:25:51 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/10/29 19:25:51 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/10/29 19:25:50 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/10/29 19:25:23 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2009/10/29 19:25:10 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/10/29 19:25:06 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/10/29 19:25:06 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/10/29 19:25:05 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/10/29 19:25:05 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/10/29 19:25:05 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/10/29 19:25:05 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/10/29 19:25:02 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/10/29 19:25:02 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/10/29 19:25:02 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/10/29 19:25:01 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/10/29 19:25:00 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/10/29 19:25:00 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/10/29 19:24:46 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/10/29 19:24:42 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/10/29 19:24:28 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/10/29 19:24:09 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2009/10/29 19:24:09 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2009/10/29 19:24:02 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/10/29 19:24:02 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/10/29 19:24:02 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/10/29 19:23:58 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/10/29 19:23:54 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/10/29 19:23:53 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/10/29 19:23:52 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/10/29 19:23:51 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/10/29 19:23:51 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/10/29 19:23:50 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/10/29 19:23:47 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/10/29 19:23:46 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/10/29 19:23:46 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/10/29 19:23:43 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/10/29 19:23:43 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/10/29 19:23:42 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/10/29 19:23:42 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/10/29 19:23:40 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/10/29 19:23:29 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/10/29 19:23:26 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/10/29 19:23:23 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/10/29 19:23:22 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/10/29 19:23:22 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/10/29 19:23:21 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/10/29 19:23:21 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/10/29 19:23:21 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/10/29 19:23:21 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/10/29 19:23:19 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/10/29 19:23:15 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/10/29 19:23:14 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/10/29 19:23:13 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/10/29 19:23:06 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/10/29 19:23:06 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/10/29 19:23:06 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/10/29 19:23:05 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/10/29 19:23:05 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/10/29 19:23:05 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/10/29 19:23:05 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/10/29 19:23:04 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/10/29 19:23:03 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/10/29 19:23:02 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/10/29 19:22:56 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/10/29 19:22:53 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/10/29 19:22:49 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/10/29 19:22:48 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/10/29 19:22:48 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/10/29 19:22:48 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/10/29 19:22:48 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/10/29 19:22:47 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/10/29 19:22:47 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/10/29 19:22:46 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/10/29 19:22:46 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/10/29 19:22:46 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/10/29 19:22:45 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/10/29 19:22:30 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/10/29 19:22:30 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/10/29 19:22:30 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/10/29 19:22:30 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/10/29 19:22:30 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/10/29 19:22:30 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/10/29 19:22:29 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/10/29 19:22:29 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/10/29 19:22:28 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/10/29 19:22:28 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/10/29 19:22:28 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/10/29 19:22:28 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/10/29 19:22:27 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/10/29 19:22:27 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/10/29 19:22:27 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/10/29 19:22:27 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/10/29 19:22:27 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/10/29 19:22:27 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/10/29 19:22:25 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/10/29 19:22:23 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/10/29 19:22:23 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/10/29 19:22:23 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/10/29 19:22:22 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/10/29 19:22:22 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/10/29 19:22:22 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/10/29 19:22:22 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/10/29 19:22:02 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/10/29 19:22:01 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/10/29 19:21:57 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/10/29 19:21:48 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/10/29 19:21:47 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/10/29 19:21:47 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/10/29 19:21:47 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/10/29 19:21:46 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/10/29 19:21:46 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/10/29 19:21:45 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/10/29 19:21:44 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/10/29 19:21:43 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/10/29 19:21:43 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/10/29 19:21:42 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/10/29 19:21:42 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/10/29 19:21:41 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/10/28 18:58:28 | 00,062,208 | ---- | C] (GoldWave Inc.) -- C:\WINDOWS\sslsfil_old.exe

========== Files - Modified Within 14 Days ==========

[2009/11/01 21:27:39 | 00,475,154 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 21:27:39 | 00,404,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 21:27:39 | 00,063,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 21:25:21 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk
[2009/11/01 21:25:20 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk
[2009/11/01 21:25:15 | 00,421,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/11/01 21:25:15 | 00,002,327 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/11/01 21:22:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/01 21:22:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 21:22:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/01 21:19:11 | 04,194,304 | -H-- | M] () -- C:\Documents and Settings\ngtabcs\ntuser.dat
[2009/10/31 19:24:22 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ngtabcs\Desktop\OTL.exe
[2009/10/30 23:30:35 | 00,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/30 23:30:35 | 00,000,239 | RHS- | M] () -- C:\boot.ini
[2009/10/30 23:30:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/30 16:56:42 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 16:44:48 | 00,037,170 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\index.php.htm
[2009/10/30 16:36:36 | 00,000,773 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/30 16:36:31 | 00,000,617 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\NTREGOPT.lnk
[2009/10/30 16:36:31 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\ERUNT.lnk
[2009/10/30 16:19:34 | 00,464,491 | ---- | M] () -- C:\RootRepeal.zip
[2009/10/30 08:30:04 | 00,421,091 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/10/29 22:03:02 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ngtabcs\ntuser.ini
[2009/10/29 21:03:24 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\ngtabcs\Desktop\HijackThis.exe
[2009/10/29 17:13:50 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\VPN Client.lnk
[2009/10/28 19:44:31 | 00,117,676 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_3.reg
[2009/10/28 19:44:04 | 00,081,856 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_2.reg
[2009/10/28 19:42:23 | 00,117,900 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2.reg
[2009/10/28 18:58:26 | 00,062,208 | ---- | M] (GoldWave Inc.) -- C:\WINDOWS\sslsfil_old.exe
[2009/10/27 16:29:18 | 00,003,858 | -H-- | M] () -- D:\Users\NGTABCS\My Documents\Default.rdp
[2009/10/25 09:50:19 | 00,066,852 | ---- | M] () -- C:\Documents and Settings\ngtabcs\Desktop\target_photo.pdf
[2009/10/25 09:50:16 | 00,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv

========== Files Created - No Company Name ==========

[2009/10/30 22:28:14 | 00,464,491 | ---- | C] () -- C:\RootRepeal.zip
[2009/10/30 16:56:42 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 16:46:21 | 00,037,170 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\index.php.htm
[2009/10/30 16:36:36 | 00,000,773 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/30 16:36:31 | 00,000,617 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\NTREGOPT.lnk
[2009/10/30 16:36:31 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\ERUNT.lnk
[2009/10/30 00:55:03 | 00,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client (OnStartup).lnk
[2009/10/30 00:55:03 | 00,002,327 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/10/30 00:55:03 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AFS Credentials.lnk
[2009/10/30 00:55:03 | 00,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\goScreen.lnk
[2009/10/29 19:29:06 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2009/10/29 19:29:06 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009/10/29 19:26:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2009/10/29 19:26:31 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009/10/29 19:25:28 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2009/10/29 19:24:09 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2009/10/29 19:24:09 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2009/10/29 19:24:09 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2009/10/29 19:24:08 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2009/10/29 19:24:08 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2009/10/29 19:23:22 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/10/29 19:23:21 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/10/29 19:23:21 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/10/29 19:22:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/10/29 19:22:16 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/10/29 19:22:15 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/10/29 19:22:14 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/10/29 19:22:14 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/10/29 19:22:14 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/10/29 19:22:13 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/10/29 19:22:13 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/10/29 19:22:13 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/10/29 19:22:08 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/10/28 19:44:31 | 00,117,676 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_3.reg
[2009/10/28 19:44:04 | 00,081,856 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2_2.reg
[2009/10/28 19:42:23 | 00,117,900 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\winsock2.reg
[2009/10/25 09:50:16 | 00,066,852 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Desktop\target_photo.pdf
[2009/08/03 13:00:47 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\ILM-Lite.dll
[2009/08/03 13:00:47 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\ILM.dll
[2009/08/03 13:00:47 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ILMcrypt.dll
[2009/06/03 10:03:43 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/06/03 10:00:53 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/06/03 10:00:53 | 00,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/11/30 13:35:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/07 09:48:25 | 00,000,117 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\sstore.txt
[2008/07/31 13:01:38 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Local Settings\Application Data\fusioncache.dat
[2008/07/31 12:41:56 | 00,000,056 | ---- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\sstoreID.txt
[2008/07/29 14:00:57 | 04,323,176 | -H-- | C] () -- C:\Documents and Settings\ngtabcs\Local Settings\Application Data\IconCache.db
[2008/07/29 12:42:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\ngtabcs\Application Data\desktop.ini
[2008/07/17 07:16:05 | 00,030,267 | ---- | C] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2008/07/17 07:04:11 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CAI.INI
[2008/07/15 13:43:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/07/15 13:43:51 | 00,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/07/15 13:35:21 | 00,000,664 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/15 13:35:21 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/07/15 13:31:26 | 00,000,131 | ---- | C] () -- C:\WINDOWS\bisfax.ini
[2008/07/15 12:20:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/16 05:27:05 | 00,001,126 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/21 18:22:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/08/01 11:15:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/08/01 11:15:00 | 01,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/08/01 11:15:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/08/01 11:15:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/11/18 13:49:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/09 09:09:36 | 00,009,618 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\3GDevice.xml
[2005/05/06 17:06:32 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2005/02/10 12:17:50 | 00,172,056 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2005/02/10 12:10:22 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2004/06/29 15:26:44 | 00,978,944 | ---- | C] () -- C:\WINDOWS\System32\imslsmp_dll.dll
[2004/06/29 15:26:42 | 19,804,160 | ---- | C] () -- C:\WINDOWS\System32\imsl_dll.dll
[2004/06/29 15:26:42 | 00,864,256 | ---- | C] () -- C:\WINDOWS\System32\imslblas_dll.dll
[2004/06/29 15:26:42 | 00,827,392 | ---- | C] () -- C:\WINDOWS\System32\imslscalar_dll.dll
[2003/08/06 14:46:32 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\jacob.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/27 11:39:40 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\SCToolBar.dll
[2001/08/23 12:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/10/22 06:20:10 | 00,254,464 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt2x.dll
[1998/09/21 15:16:00 | 00,000,167 | ---- | C] () -- C:\WINDOWS\Mtb12.ini

========== LOP Check ==========

[2008/07/15 13:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiberlink
[2008/07/15 13:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hummingbird
[2009/10/25 09:50:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/08/07 10:04:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2008/09/16 21:44:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\CyberLink
[2009/03/22 12:36:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\HouseCall 6.6
[2009/06/11 12:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Hummingbird
[2009/06/03 10:03:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\pdf995
[2009/06/03 09:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\Sametime
[2008/08/01 15:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\SQL Developer
[2008/08/29 09:04:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\TextPad
[2009/10/30 01:31:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\U3
[2009/10/04 18:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ngtabcs\Application Data\webex
[2001/08/23 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/01 21:22:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/09/10 13:43:22 | 00,028,789 | ---- | M] () MD5=24BE3B300952EAE96EA756139B450948 -- C:\Apps\Perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Winnt\system32\eventlog.dll
[2004/08/03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Winnt\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Winnt\system32\scecli.dll
[2004/08/03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Winnt\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Winnt\system32\netlogon.dll
[2004/08/03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Winnt\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/02/12 11:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys
[2006/01/16 20:12:16 | 00,824,960 | ---- | M] () MD5=DFA47426ABB8311EBE33145790F8D179 -- C:\WINDOWS\Options\XP Source\I386\WIN9XMIG\PRINT\SBSINF\iastor.sys
[2007/07/24 16:39:28 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/01/16 20:12:16 | 00,824,960 | ---- | M] () MD5=DFA47426ABB8311EBE33145790F8D179 -- C:\Winnt\Options\XP Source\I386\WIN9XMIG\PRINT\SBSINF\iastor.sys
[2007/07/24 16:39:28 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Winnt\system32\drivers\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\dllcache\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Winnt\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Winnt\system32\dllcache\agp440.sys
[2004/08/03 18:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Winnt\system32\drivers\AGP440.SYS

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
Rorschach112
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean





Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Vamsee
Dear Rorschach112,

I'm not able to connect to the internet from this laptop.. I can copy TFC.exe and mbam.exe (copy the latest rules.txt) from my desktop to the laptop.. But I may not be able to run the Kaspersky online virus scan.. I'll go ahead and run TFC and mbam.. Please advise about Kaspersky..

Regards,
Vamsee
Vamsee
Dear Rorschach112,

I ran TFC.exe. After that mbam and it found no issues... Please advise.. Do you think it's a virus issue or hardware issue?

Regards,
Vamsee
Rorschach112
not malware i'd say

one more scan

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file, name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.
Vamsee
Hi.. I'm not able to reboot the machine in safe mode.. It comes up with a blue screen and an error message.. Please advise
Rorschach112
does this fix that ?

Download and run SafeBootKeyRepair-CF from:

http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe
or
http://www.techsupportforum.com/sectools/s...eyRepair-CF.exe

It will take only a moment for it to run.
A log will be produced at C:\SafeBoot_Repair.txt. Please post that in your next reply


If not just run AVP in normal mode