
1 Can't connect to the internet on Thu Jul 21, 2011 10:23 pm

punkrotten


Member
Hi,


I have 2 PCs in my home. One is connected to the modem and the other is connected through an ethernet cable that is connected into an ethernet port in back of the modem. The one connected through the ethernet cable is the one having the problem.


The computer I am using now is working fine, but when you go to the other I can't get a browser to come up. I have tried Firefox and IE. I am getting messages like server not found. The PC is running Windows XP.

I have checked the internet settings and everything looks good. It says it is connected etc. I don't know what the problem is. Any help? thx

2 Re: Can't connect to the internet on Fri Jul 22, 2011 12:46 am

Sneakyone


Secondary Administrator
Hi,

I'm going to go out on a limb and say this is malware related. Do you have access to a USB drive that can transfer files between the computers? I'll move this thread to the Malware Removal section after your next reply.




3 Re: Can't connect to the internet on Fri Jul 22, 2011 1:02 am

punkrotten


Member
Yes I have a 4GB thumbdrive.

4 Re: Can't connect to the internet on Fri Jul 22, 2011 10:27 pm

Sneakyone


Secondary Administrator
Excellent.

Copy this to the USB and transfer it to the infected machine.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr




5 Re: Can't connect to the internet on Fri Jul 22, 2011 11:16 pm

punkrotten


Member
OTL logfile created on: 7/22/2011 7:55:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.53 Mb Total Physical Memory | 58.31 Mb Available Physical Memory | 26.09% Memory free
546.68 Mb Paging File | 359.68 Mb Available in Paging File | 65.79% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 6.00 Gb Free Space | 37.51% Space Free | Partition Type: NTFS
Drive D: | 39.91 Gb Total Space | 39.68 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive G: | 3.59 Gb Total Space | 3.59 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: VALUED-A069BA8D | User Name: Mary McLeod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 19:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2002/03/29 16:07:00 | 000,032,768 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\LTSMMSG.exe
PRC - [2002/01/25 02:30:48 | 000,290,816 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\khooker.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 19:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/03/13 10:59:02 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 20:02:46 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/06/22 18:01:26 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 18:01:26 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/06/22 18:01:26 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2006/03/27 02:53:28 | 000,167,808 | R--- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2005/09/26 23:24:03 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/22 01:53:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2002/03/29 20:48:00 | 000,187,648 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/29 16:34:00 | 000,807,917 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2002/03/28 13:08:16 | 000,175,232 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012) Service for AC'97 Sample Driver (WDM)
DRV - [2002/03/17 17:23:00 | 000,005,760 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2001/12/31 17:12:40 | 000,045,312 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/21 07:50:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/21 07:50:53 | 000,000,000 | ---D | M]

[2010/05/25 20:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary McLeod\Application Data\Mozilla\Extensions
[2010/05/25 20:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mary McLeod\Application Data\Mozilla\Firefox\Profiles\0xgrtr6p.default\extensions
[2011/07/20 16:06:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 18:18:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/19 18:17:35 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/05/19 18:17:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2008/11/25 17:20:52 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/Nestle/Coupons.cab (cpbrkpie Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mary McLeod\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mary McLeod\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/27 15:09:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/27 14:22:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.CAM -- [ NTFS ]
O33 - MountPoints2\{00926b50-15d4-11df-94cf-00e01876f460}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
O33 - MountPoints2\{00926b50-15d4-11df-94cf-00e01876f460}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
O33 - MountPoints2\{00926b51-15d4-11df-94cf-00e01876f460}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
O33 - MountPoints2\{00926b51-15d4-11df-94cf-00e01876f460}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1033\conmgr.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe - (America Online, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickFinder Scheduler - hkey= - key= - C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Registry Cleaner Scheduler - hkey= - key= - File not found
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - File not found
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E81659DF-28E1-4C60-B4B9-00A4BC5FA76D} - Q316059
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: ;VIDC.MJPG - C:\WINDOWS\System32\sonymjpg.dll (Sony Corporation)
Drivers32: msacm.atrac3 - C:\WINDOWS\System32\atrac3.acm (Sony Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\DVLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - C:\WINDOWS\System32\sonymjpg.dll (Sony Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 19:55:28 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mary McLeod\Desktop\OTL.exe
[2011/06/22 20:35:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/22 20:03:11 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7096DEC6-7723-4BE4-A723-3CA77A88F3FE}.job
[2011/07/22 19:46:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mary McLeod\Desktop\OTL.exe
[2011/07/22 19:13:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/21 20:08:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 21:43:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/20 15:39:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/20 15:39:21 | 234,459,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 22:51:56 | 000,144,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/15 22:21:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/15 22:17:20 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/15 22:17:20 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/18 16:21:51 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/08/05 15:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/08/05 14:19:01 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/08/05 14:11:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/08/05 14:08:03 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/08/05 14:08:03 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/08/05 14:08:02 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/08/05 14:08:02 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/08/05 14:08:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/08/05 14:00:09 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/02/09 22:10:46 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/08/28 07:32:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\khooker.INI
[2006/12/27 13:30:33 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/23 21:38:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/03/15 11:58:06 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2006/03/15 11:58:05 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2006/03/02 09:11:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\au3305adc.dll
[2006/03/02 09:11:25 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Apollo DVD Copy.INI
[2006/03/02 08:50:32 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2006/02/28 23:07:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/10/15 16:18:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/05 06:34:42 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/10/05 06:27:43 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/05 06:26:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/07 18:32:54 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mary McLeod\Application Data\PFP100JPR.{PB
[2005/09/07 18:32:54 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mary McLeod\Application Data\PFP100JCM.{PB
[2005/08/28 17:31:03 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005/08/28 17:31:03 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/04/17 12:45:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2002/04/17 12:45:28 | 000,000,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2002/04/17 12:43:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/04/17 12:43:02 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2002/04/17 12:41:37 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2002/04/17 12:34:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2002/04/17 12:34:23 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/04/17 12:06:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/16 16:08:22 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/04/16 16:06:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2002/04/16 16:06:54 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2002/04/16 16:06:46 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/04/16 16:06:46 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
[2002/04/16 11:31:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2002/04/16 04:25:32 | 000,000,804 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/16 04:24:18 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2002/04/16 04:19:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2002/04/16 04:12:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/04/16 04:00:59 | 002,931,304 | ---- | C] () -- C:\WINDOWS\Q317277.exe
[2002/04/16 04:00:59 | 000,621,672 | ---- | C] () -- C:\WINDOWS\Q316134.exe
[2002/04/16 04:00:59 | 000,311,912 | ---- | C] () -- C:\WINDOWS\Q320174.exe
[2002/04/16 04:00:58 | 000,599,144 | ---- | C] () -- C:\WINDOWS\Q315000.EXE
[2002/04/16 04:00:58 | 000,487,016 | ---- | C] () -- C:\WINDOWS\Q315403.EXE
[2002/04/16 04:00:58 | 000,234,088 | ---- | C] () -- C:\WINDOWS\Q314147.exe
[2002/04/16 04:00:57 | 002,039,400 | ---- | C] () -- C:\WINDOWS\Q309521.exe
[2002/04/16 04:00:57 | 000,605,288 | ---- | C] () -- C:\WINDOWS\Q312368.EXE
[2002/04/16 04:00:57 | 000,474,728 | ---- | C] () -- C:\WINDOWS\Q308677.EXE
[2002/04/16 04:00:57 | 000,329,320 | ---- | C] () -- C:\WINDOWS\Q312131.exe
[2002/04/16 04:00:57 | 000,290,920 | ---- | C] () -- C:\WINDOWS\Q311889.EXE
[2002/04/16 04:00:57 | 000,162,920 | ---- | C] () -- C:\WINDOWS\Q309056.exe
[2002/04/16 04:00:56 | 000,359,016 | ---- | C] () -- C:\WINDOWS\Q308402.EXE
[2002/04/16 04:00:56 | 000,240,232 | ---- | C] () -- C:\WINDOWS\Q306583.exe
[2002/04/16 04:00:56 | 000,188,520 | ---- | C] () -- C:\WINDOWS\Q307274.exe
[2002/04/16 04:00:56 | 000,159,336 | ---- | C] () -- C:\WINDOWS\Q307271.exe
[2002/04/16 04:00:35 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/16 03:59:42 | 000,380,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/04/16 03:59:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/04/16 03:59:42 | 000,052,968 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/04/16 03:59:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/04/16 03:59:40 | 000,004,530 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/04/16 03:59:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/04/16 03:59:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/04/16 03:59:21 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/04/16 03:59:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/04/16 03:59:07 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/04/16 03:58:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/04/15 21:06:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/04/15 21:05:20 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2000/09/13 19:03:00 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT

========== Custom Scans ==========


< >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/04/15 21:04:44 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2002/04/15 21:04:44 | 000,610,304 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2002/04/15 21:04:44 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2001/08/18 05:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2001/08/18 05:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2001/08/18 05:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2001/08/18 05:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/03 22:46:56 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2001/08/18 05:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2001/08/18 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2001/08/18 05:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2001/08/18 05:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2001/08/18 05:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/03 22:45:10 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/03 22:45:16 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/03 22:45:12 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/03 22:45:16 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/03 22:45:14 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2011/06/02 07:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2005/12/09 16:02:33 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2005/12/09 16:02:33 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2008/08/27 15:09:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/27 14:22:41 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.CAM
[2007/11/04 14:49:01 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2002/04/16 04:15:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/11/25 17:20:50 | 000,208,024 | ---- | M] () -- C:\coreuninstall.log
[2011/07/20 15:39:21 | 234,459,136 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/27 19:07:53 | 000,000,164 | ---- | M] () -- C:\install.dat
[2009/12/05 08:06:20 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2002/04/16 04:15:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/23 20:52:52 | 000,001,716 | -H-- | M] () -- C:\IPH.PH
[2002/04/16 04:15:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/08/28 18:05:03 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/27 09:19:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/07/20 15:39:19 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2002/04/16 16:08:22 | 000,000,369 | ---- | M] () -- C:\SiSSetup.txt
[2002/04/16 16:08:22 | 000,014,415 | ---- | M] () -- C:\SiSSetup1.ini
[2002/04/16 16:08:23 | 000,005,545 | ---- | M] () -- C:\SiSUnist.ini
[2008/02/14 17:33:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/05/05 22:00:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/05/22 23:26:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/05/23 15:41:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/08/20 20:21:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/15 07:10:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/02/14 17:33:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/05/05 22:00:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/05/22 23:26:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/05/23 15:41:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/08/20 20:21:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/15 07:10:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2005/09/29 11:51:50 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %PROGRAMFILES%\*. >
[2011/07/14 20:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\adobe
[2008/07/04 20:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2005/10/29 18:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\America Online 9.0
[2006/03/04 16:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\AOD
[2008/08/29 18:58:38 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2005/10/05 06:43:19 | 000,000,000 | ---D | M] -- C:\Program Files\AOL Companion
[2011/05/06 16:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/05/06 15:49:05 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2007/04/15 15:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2011/07/14 20:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2011/06/22 19:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\CleanMyPC
[2011/06/24 07:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/09/07 18:26:47 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/05/27 16:44:19 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2005/08/28 17:49:30 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/03/21 21:01:57 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2006/01/31 18:26:46 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2011/06/23 16:07:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/07/14 20:18:35 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/06/22 21:56:28 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/19 18:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/07/25 13:04:01 | 000,000,000 | ---D | M] -- C:\Program Files\Kuta Software LLC
[2008/08/27 10:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2002/04/16 04:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/11 22:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/07/14 20:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/23 12:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2002/04/16 04:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/27 09:24:39 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2002/04/16 04:13:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 22:56:26 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/03/20 16:33:40 | 000,000,000 | ---D | M] -- C:\Program Files\Plaxo
[2006/03/22 22:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2008/08/29 18:51:42 | 000,000,000 | ---D | M] -- C:\Program Files\QUICKENW
[2005/10/05 09:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2005/08/28 17:36:51 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/08/05 13:58:16 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2002/04/16 16:06:54 | 000,000,000 | ---D | M] -- C:\Program Files\SiS Compatible VGA V2.07c
[2002/04/15 21:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\SiS7012
[2006/03/02 09:06:58 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2011/05/11 16:18:03 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/05/11 16:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2011/04/04 21:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\Trusteer
[2005/09/07 18:31:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/11/16 14:19:49 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2005/10/19 16:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2007/02/25 23:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/27 09:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/27 09:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/05/10 21:31:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2011/06/22 19:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2002/04/16 04:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2002/04/15 21:06:04 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Mary McLeod\Application Data\desktop.ini
[2005/09/07 18:32:54 | 000,012,358 | ---- | M] () -- C:\Documents and Settings\Mary McLeod\Application Data\PFP100JCM.{PB
[2005/09/07 18:32:54 | 000,061,678 | ---- | M] () -- C:\Documents and Settings\Mary McLeod\Application Data\PFP100JPR.{PB


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 22:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:usbstor.sys
[2008/08/27 09:00:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-16 05:33:14

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E

< End of report >

6 Re: Can't connect to the internet on Fri Jul 22, 2011 11:17 pm

punkrotten


Member
OTL Extras logfile created on: 7/22/2011 7:55:54 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

223.53 Mb Total Physical Memory | 58.31 Mb Available Physical Memory | 26.09% Memory free
546.68 Mb Paging File | 359.68 Mb Available in Paging File | 65.79% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 6.00 Gb Free Space | 37.51% Space Free | Partition Type: NTFS
Drive D: | 39.91 Gb Total Space | 39.68 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive G: | 3.59 Gb Total Space | 3.59 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: VALUED-A069BA8D | User Name: Mary McLeod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00609F70-5043-4C20-895A-D6EF7ACE9304}" = PicoPlayerSplashScreen
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1EE377F9-1FBC-440E-82EB-7B8A1EDDEE52}" = SonicStage CD-R Writing Module
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21CF3E6E-1659-433E-B6CE-165D793560DA}" = VAIO Grid Wallpaper
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 OEM
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{2B9FBAE1-5016-4F14-B452-E6874A3C1284}" = VAIO Clock Screen Saver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions Win2K,WinXP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6F4C00-E935-11D3-A98A-0080986030D9}" = Smart Capture
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5C70C75F-A265-4C62-B90F-8F80AA69F262}" = PicoPlayer Demo
"{6060E6A1-5342-4D2B-8F66-B6D6E20BBD03}" = VAIO Help & Support
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6DF804A8-2CC2-4D22-A958-4534F6EC3C76}" = VAIO Registration
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72275927-4241-46A7-A9C4-B86C6B256EB6}" = ImageStation Demo
"{7443EC4E-DCEB-4B10-8888-CBFB5E7108D9}" = Experience VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACEC9C3E-0100-4EBE-B298-35A2145828A0}" = VAIO Brezza Wallpaper
"{AD3B1DDF-52AD-405E-B931-7ACF76937E5F}" = ImageStation
"{BC3ADBE9-5556-4612-8357-5225C8F9E19F}" = PicoPlayer
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D4A49B00-02F8-11D5-B64D-00C04F790F76}" = MovieShaker 3.3
"{E2069DE3-5924-4766-A385-CDA273885A31}" = DigitalPrint 1.1
"{E535DC62-56D6-11D5-8AE3-00105A7276CD}" = SonicStage 1.2.00
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AviSynth" = AviSynth 2.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Motion JPEG Software Decoder" = Motion JPEG Software Decoder
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickTime" = QuickTime
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer Basic
"RealProducer 8.5" = RealProducer Basic 8.5
"SiS 650_740" = SiS 650_740
"SiS7012" = SiS Audio Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

< End of report >

7 Re: Can't connect to the internet on Sun Jul 24, 2011 2:03 am

Sneakyone


Secondary Administrator
Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


..........................................................


8 Re: Can't connect to the internet on Sun Jul 24, 2011 2:47 pm

punkrotten


Member
Hi,

I am not able to rename combofix before saving it. It goes straight to the download. Also on the PC with the problem I am getting an alert that AVG antivirus is on the PC but I can't find it anywhere. It seems to be hidden.

9 Re: Can't connect to the internet on Mon Jul 25, 2011 1:59 am

Sneakyone


Secondary Administrator
Hi, Run this to get rid of AVG: http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe


..........................................................


10 Re: Can't connect to the internet on Mon Jul 25, 2011 9:29 pm

punkrotten


Member
Ran the AVG removal tool and it said it would remove but would take a few restarts or something like that. When running it, it just scans real fast then the window closes. It did that a few times. When I ran combofix it told me that AVG was still on the PC. I ran combofix anyway. I was alerted that the combofix was expired but I could still run it at a reduced functionality or something like that.

After running it, it told me I did not have the windows recovery console, asked if I wanted to download it. I clicked yes, but was told I needed an internet connection. But I have no internet connection in the PC.

11 Re: Can't connect to the internet on Mon Jul 25, 2011 11:37 pm

Sneakyone


Secondary Administrator
Hi,

Please do this for AVG:

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply



If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.


..........................................................
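
The wbemtest steps in the post above can also be scripted. The following is an added example, not part of the original thread: the `-RemoveGuid` parameter and the script layout are assumptions, and it goes beyond the post by also checking root\SecurityCenter2 (used by Vista and later) alongside the root\SecurityCenter namespace the post names.

```powershell
# Added example: script form of the wbemtest query described in the post (not from the thread).
# root\SecurityCenter is the namespace named in the post (Windows XP);
# root\SecurityCenter2 holds the same class on Vista and later.
param(
    [string]$RemoveGuid   # assumption: instanceGuid of a record you have confirmed is stale
)

$found = @()
foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
    # The namespace that does not exist on this OS raises an error; skip it quietly.
    $items = Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($av in $items) {
        # SecurityCenter2 records carry the product's executable path; XP records do not,
        # so ExeOnDisk stays empty there and the record has to be judged by name.
        $exe = $av.pathToSignedProductExe
        $exists = $null
        if ($exe) { $exists = Test-Path ([Environment]::ExpandEnvironmentVariables($exe)) }
        $found += New-Object PSObject -Property @{
            Namespace    = $ns
            DisplayName  = $av.displayName
            InstanceGuid = $av.instanceGuid
            ProductExe   = $exe
            ExeOnDisk    = $exists
            WmiObject    = $av
        }
    }
}

# Same view as double-clicking each result in wbemtest.
$found | Format-List Namespace, DisplayName, InstanceGuid, ProductExe, ExeOnDisk
if ($found.Count -gt 1) { Write-Warning "More than one antivirus product is registered." }

# Deletion only happens when a GUID is passed explicitly and matches exactly one record.
if ($RemoveGuid) {
    $target = @($found | Where-Object { $_.InstanceGuid -eq $RemoveGuid })
    if ($target.Count -ne 1) { throw "Expected exactly one record with instanceGuid $RemoveGuid." }
    $target[0].WmiObject.Delete()
    Write-Output "Deleted registration for $($target[0].DisplayName)."
}
```

Run it once without arguments from an administrator session to review the registrations, then again with the `instanceGuid` of the record for the product that is no longer installed.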


12 Re: Can't connect to the internet on Thu Jul 28, 2011 10:02 pm

punkrotten


Member
After I click Query in step 5 the box is blank. I don't see anything that says select * FROM antivirusproduct.

13 Re: Can't connect to the internet on Thu Jul 28, 2011 11:18 pm

Sneakyone


Secondary Administrator
Try running ComboFix again.


..........................................................


14 Re: Can't connect to the internet on Sat Jul 30, 2011 2:06 pm

punkrotten


Member
I ran the combofix again, got the same messages. I ignored them and ran the program, but it doesn't seem to do anything. A little window opens with a blue screen, it stays like that for a minute then disappears and the combofix on my desktop disappears too.

15 Re: Can't connect to the internet on Sat Jul 30, 2011 11:51 pm

Sneakyone


Secondary Administrator
Hi, please run this to get rid of AVG: http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe


..........................................................

