Thank you!!
OTL.txt and Extras.txt are attached.
Since I last wrote, in trying to run a
GMER log (
step 8 at bleepingcomputer) I had a severe crash and a new B.S.O.D. -- no bootable drive!
FIXMBR from the Win2K recovery console got the system bootable again. So, since I rewrote the Master Boot Record, the trojan may not be active any more. It seems I can log onto eBay now, so that symptom is gone. I'm hoping you can help me eradicate any vestiges. Thank you so much for the help.
-- Bob Stein, VisiBone, Lyme, NH
OTL logfile created on: 03/07/2010 16:28:47 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 44.38 Gb Free Space | 39.72% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 11.55 Gb Free Space | 3.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 15.14 Mb Total Space | 0.55 Mb Free Space | 3.61% Space Free | Partition Type: FAT
Drive I: | 465.76 Gb Total Space | 237.57 Gb Free Space | 51.01% Space Free | Partition Type: NTFS
Computer Name: TWOHEAD
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
PRC - [2010/03/07 16:17:05 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/11/17 17:36:26 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/09 16:05:03 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/09/07 10:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 14:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 14:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2003/06/19 14:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
PRC - [2002/05/02 18:58:44 | 000,122,965 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
MOD - [2010/03/07 16:17:05 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/19 14:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
SRV - [2009/12/11 11:48:52 | 001,184,912 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2004/09/07 10:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 14:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 14:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 14:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 14:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 14:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 14:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 14:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/20 12:58:58 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/08/20 12:58:58 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2006/01/24 22:52:31 | 001,478,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/06/19 14:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 14:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 14:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 14:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 14:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 14:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 14:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/06/19 14:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 14:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\IdeChnDr.sys -- (IdeChnDr) Intel®
DRV - [2002/10/15 00:00:00 | 000,013,891 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\IdeBusDr.sys -- (IdeBusDr)
DRV - [2002/08/09 11:12:42 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2002/08/09 11:08:29 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2002/04/10 17:08:26 | 000,227,266 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\system32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2002/04/10 17:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 17:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 17:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 17:00:20 | 000,356,651 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\system32\drivers\cdudf.sys -- (cdudf)
DRV - [2002/02/28 14:49:08 | 000,073,824 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
DRV - [2002/02/28 14:49:08 | 000,073,824 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\el90Xbc5.SYS -- (EL90BC)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/03/23 00:00:00 | 000,079,106 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\IntelAta.sys -- (IntelATA)
DRV - [1999/10/22 14:54:42 | 000,032,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ichaud.sys -- (ichaud) Service for AC'97 Driver (WDM)
DRV - [1999/09/24 18:55:30 | 000,602,128 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\winacpci.sys -- (Winacpci)
DRV - [1995/11/07 03:57:16 | 000,006,144 | ---- | M] (Corel Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\crlscsi.sys -- (crlscsi)
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.google.com/ieIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.comIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.google.com/ieIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=\"#E56717\"]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "
http://www.visibone.com/"
FF - prefs.js..extensions.enabledItems:
[email protected]:1.11.6a
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 08:15:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 02:19:21 | 000,000,000 | ---D | M]
[2009/11/04 18:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/07 16:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpd5imup.default\extensions
[2009/11/27 13:56:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpd5imup.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/26 00:58:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpd5imup.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/12/22 20:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cpd5imup.default\extensions\
[email protected][2010/03/07 16:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2002/08/09 11:09:05 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINNT\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034}
http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://www.update.microsoft.com/windowsupd...b?1258743311109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Eudora\EuShlExt.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 16:54:39 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/11/04 13:55:00 | 000,000,125 | ---- | M] () - I:\autorunoff.reg -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: Ias - C:\WINNT\system32\ias [2009/11/04 18:13:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found
SystemRestore not available.
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
[2010/03/05 10:15:09 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/04 23:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/04 22:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010/03/04 22:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/03/04 22:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/04 00:52:00 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2010/03/04 00:35:19 | 000,065,240 | ---- | C] (Avira GmbH) -- C:\WINNT\System32\drivers\avgntflt.sys
[2010/03/04 00:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/03 23:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Malware 2010.0303
[2010/02/23 07:11:22 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe
[2010/02/11 03:28:33 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
[2010/02/06 22:07:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PHP project
[2010/02/06 22:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Perl project
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
[2010/03/07 16:28:52 | 001,904,640 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/03/07 16:17:05 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/07 16:12:10 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/03/07 16:12:08 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2010/03/06 01:32:10 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_468.dat
[2010/03/06 01:31:44 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2010/03/06 01:19:45 | 000,000,262 | ---- | M] () -- C:\WINNT\tasks\daily.job
[2010/03/06 01:19:05 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aff yesterday.url
[2010/03/06 01:02:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/06 00:52:24 | 000,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/05 23:17:55 | 000,000,345 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2contact.lnk
[2010/03/05 17:41:33 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/03/05 17:23:10 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2010/03/05 17:23:10 | 000,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
[2010/03/05 10:33:47 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2010/03/04 23:11:42 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/04 13:52:58 | 000,001,179 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\music.lnk
[2010/03/03 23:47:02 | 000,098,304 | ---- | M] () -- C:\WINNT\System32\dfrg.msc
[2010/03/03 09:53:01 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lyme People.lnk
[2010/03/01 14:20:01 | 000,000,339 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\for J.lnk
[2010/03/01 00:50:47 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_66c.dat
[2010/02/28 23:03:37 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Favorites.lnk
[2010/02/28 18:58:53 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\posts of mine.lnk
[2010/02/27 11:30:32 | 000,000,264 | ---- | M] () -- C:\WINNT\tasks\weekly.job
[2010/02/27 11:30:32 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0220-0226.url
[2010/02/26 11:28:54 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\This Ame- rican Life.lnk
[2010/02/25 20:16:48 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_240.dat
[2010/02/25 20:15:31 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/25 10:06:30 | 000,001,410 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/02/23 10:23:51 | 000,000,369 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\share.lnk
[2010/02/23 07:11:29 | 000,726,008 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe
[2010/02/20 03:06:11 | 000,001,481 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2010/02/20 03:03:27 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0213-0219.url
[2010/02/13 21:06:10 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/13 11:07:37 | 018,499,623 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010/02/13 11:05:26 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2010/02/13 02:48:36 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0206-0212.url
[2010/02/12 21:39:24 | 000,000,326 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\family pics.lnk
[2010/02/10 10:14:47 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/02/10 10:02:30 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_310.dat
[2010/02/10 10:02:28 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_50c.dat
[2010/02/09 14:41:53 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Awoke.odt (2).lnk
[2010/02/07 14:32:49 | 000,000,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\East Coast Greenway - Massachusetts.URL
[2010/02/06 22:07:33 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\perlcheat.lnk
[2010/02/06 03:26:36 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0130-0205.url
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
[2010/03/07 16:12:08 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2010/03/06 01:32:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_468.dat
[2010/03/06 01:31:44 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2010/03/06 01:02:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/05 17:23:10 | 000,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
[2010/03/05 17:23:10 | 000,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
[2010/03/05 10:33:47 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2010/03/04 23:11:42 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2010/03/01 00:50:47 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_66c.dat
[2010/02/27 11:30:32 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0220-0226.url
[2010/02/25 20:16:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_240.dat
[2010/02/23 10:23:51 | 000,000,369 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\share.lnk
[2010/02/20 03:03:27 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0213-0219.url
[2010/02/13 21:06:10 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/13 11:06:01 | 018,499,623 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-1.0.5-win32.exe
[2010/02/13 11:05:23 | 000,001,406 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Explorer.lnk
[2010/02/13 02:48:36 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0206-0212.url
[2010/02/10 10:14:47 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/02/10 10:02:30 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_310.dat
[2010/02/10 10:02:28 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_50c.dat
[2010/02/09 14:41:53 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Awoke.odt (2).lnk
[2010/02/07 14:32:49 | 000,000,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\East Coast Greenway - Massachusetts.URL
[2010/02/07 13:03:16 | 000,000,084 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\urban dictionary.URL
[2010/02/07 13:02:56 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Wikipedia.URL
[2010/02/06 22:07:23 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\perlfunc.url
[2010/02/06 22:07:19 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\perlcheat.lnk
[2010/02/06 07:44:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Astronomy Pic of Day.url
[2010/02/06 03:26:36 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\aff2010 0130-0205.url
[2009/11/21 12:55:57 | 000,000,371 | ---- | C] () -- C:\WINNT\wtapi.ini
[2009/11/21 12:55:57 | 000,000,191 | ---- | C] () -- C:\WINNT\rhudwin.ini
[2009/11/21 12:55:57 | 000,000,125 | ---- | C] () -- C:\WINNT\xref.ini
[2009/11/21 12:54:00 | 000,218,400 | ---- | C] () -- C:\WINNT\System32\refeng16.dll
[2009/11/21 12:53:59 | 000,006,694 | ---- | C] () -- C:\WINNT\System32\WTCC60EN.DLL
[2009/11/20 11:13:54 | 000,000,000 | ---- | C] () -- C:\WINNT\longfile.INI
[2009/11/20 11:13:51 | 001,371,436 | R--- | C] () -- C:\WINNT\System32\VBAR2132.DLL
[2009/11/17 09:39:03 | 000,000,000 | ---- | C] () -- C:\WINNT\hpqEmlSz.INI
[2009/11/16 18:02:18 | 000,001,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/16 18:00:25 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\hpzids01.dll
[2009/11/12 08:32:24 | 000,000,028 | ---- | C] () -- C:\WINNT\pdf995.ini
[2009/11/06 23:41:37 | 000,000,021 | ---- | C] () -- C:\WINNT\pe.ini
[2009/11/06 23:41:37 | 000,000,021 | ---- | C] () -- C:\WINNT\ft99.ini
[2009/11/06 23:41:37 | 000,000,021 | ---- | C] () -- C:\WINNT\cp.ini
[2009/11/06 23:39:58 | 000,000,235 | ---- | C] () -- C:\WINNT\wpd99.drv
[2009/11/06 23:39:57 | 000,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
[2009/11/06 12:40:59 | 000,000,277 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2009/11/05 16:33:47 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2009/11/05 03:53:14 | 000,147,456 | ---- | C] () -- C:\WINNT\System32\RtlCPAPI.dll
[2009/11/04 23:43:30 | 000,178,176 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2009/11/04 22:38:27 | 000,000,108 | ---- | C] () -- C:\WINNT\WININIT.INI
[2009/11/04 20:32:01 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/11/04 16:54:03 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/08/09 11:18:21 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2002/08/09 11:14:25 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002/08/09 11:09:09 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2002/08/09 11:08:42 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002/08/09 11:08:35 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2001/12/07 10:20:46 | 000,006,176 | ---- | C] () -- C:\WINNT\System32\HPBFXMMA.DLL
[2001/08/27 13:13:58 | 000,006,016 | ---- | C] () -- C:\WINNT\System32\HPBMINT.DLL
[2001/07/31 10:17:12 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[1999/09/25 05:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[color=\"#E56717\"]========== Custom Scans ==========[/color]
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
[2003/06/19 14:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 14:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS >[/color]
[2002/08/09 11:16:06 | 006,412,388 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/04 18:13:28 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2009/11/04 18:13:28 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003/06/19 14:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2003/06/19 14:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\system32\dllcache\agp440.sys
[2003/06/19 14:05:04 | 000,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\system32\drivers\AGP440.SYS
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS >[/color]
[2002/08/09 11:16:06 | 006,412,388 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/04 18:13:28 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2009/11/04 18:13:28 | 010,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2003/06/19 14:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2003/06/19 14:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\dllcache\atapi.sys
[2003/06/19 14:05:04 | 000,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL >[/color]
[2003/06/19 14:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2003/06/19 14:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2005/04/08 06:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\dllcache\EVENTLOG.DLL
[2005/04/08 06:54:32 | 000,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\WINNT\system32\EVENTLOG.DLL
[color=\"#A23BEC\"]< MD5 for: IDECHNDR.SYS >[/color]
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\Program Files\Intel\Intel Application Accelerator\Driver\IdeChnDr.sys
[2002/10/15 00:00:00 | 000,101,431 | ---- | M] (Intel Corporation) MD5=7D2B8BE9E89628663C1FB571F7C34062 -- C:\WINNT\system32\drivers\IdeChnDr.sys
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL >[/color]
[2003/06/19 14:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2003/06/19 14:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2005/04/07 18:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB954600_WM41$\netlogon.dll
[2005/04/08 06:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB957097$\netlogon.dll
[2005/04/07 15:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB960803$\netlogon.dll
[2005/04/07 18:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\$NtUninstallKB960859$\netlogon.dll
[2005/04/08 06:54:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\dllcache\NETLOGON.DLL
[2005/04/07 18:24:32 | 000,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\WINNT\system32\NETLOGON.DLL
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL >[/color]
[2005/01/12 14:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\dllcache\scecli.dll
[2005/01/12 14:39:44 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\WINNT\system32\scecli.dll
[2003/06/19 14:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2003/06/19 14:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav >[/color]
[2009/11/04 11:32:05 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009/11/04 11:32:05 | 000,532,480 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009/11/04 11:32:04 | 000,380,928 | ---- | M] () -- C:\WINNT\system32\config\system.sav
[color=\"#E56717\"]========== Files - Unicode (All) ==========[/color]
[2009/11/05 16:38:31 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\䜘
[2009/11/05 16:38:31 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\䜘
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
OTL Extras logfile created on: 03/07/2010 16:28:47 - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 44.38 Gb Free Space | 39.72% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 11.55 Gb Free Space | 3.88% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 15.14 Mb Total Space | 0.55 Mb Free Space | 3.61% Space Free | Partition Type: FAT
Drive I: | 465.76 Gb Total Space | 237.57 Gb Free Space | 51.01% Space Free | Partition Type: NTFS
Computer Name: TWOHEAD
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
[color=\"#E56717\"]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{057F9F8C-53DD-44FA-8D41-80A92A81EC31}" = PHP 5.3.1
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(tm) 6 Update 17
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Application Accelerator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP System maintenance for HP Designjet 30 130 series
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A7BF5269-3E74-11D5-B00F-00104B398D77}" = QuarkXPress 5.0
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD716D42-80F7-4227-A3CF-2E8047FD145E}" = Eudora
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skypeâ„¢ 4.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6249ABF-F16D-4AF3-8755-4D62F799C238}" = Google AdWords Editor
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"Corel Applications" = Corel Applications
"EPSON Scanner" = EPSON Scan
"FavOrg" = FavOrg
"GoldWave v5.54" = GoldWave v5.54
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.0 (Basic)
"Lavasoft Reghance 2.1" = Lavasoft Reghance 2.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.
" = Mozilla Firefox (3.5.
"MSDN Library - April 1999" = MSDN Library - April 1999
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RealPlayer 6.0" = RealPlayer
"RH Webster's Unabridged Dictionary" = RH Webster's Unabridged Dictionary
"Screen Calipers" = Screen Calipers
"Signature995" = Signature995
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"Visual C++ 6.0 Standard Edition" = Microsoft Visual C++ 6.0 Standard Edition
"VLC media player" = VLC media player 1.0.5
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"WMP7" = Windows Media Player system update (9 Series)
"Yahoo! Messenger" = Yahoo! Messenger
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"V" = V - The File Viewer
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 03/04/2010 23:41:26 | Computer Name = TWOHEAD | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.
Error - 03/04/2010 23:41:34 | Computer Name = TWOHEAD | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.
Error - 03/04/2010 23:53:11 | Computer Name = TWOHEAD | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.
Error - 03/05/2010 00:48:13 | Computer Name = TWOHEAD | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).
Error - 03/05/2010 08:24:52 | Computer Name = TWOHEAD | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.
Error - 03/05/2010 11:14:21 | Computer Name = TWOHEAD | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.
Error - 03/05/2010 11:35:03 | Computer Name = TWOHEAD | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).
Error - 03/05/2010 11:36:28 | Computer Name = TWOHEAD | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.
Error - 03/05/2010 18:40:26 | Computer Name = TWOHEAD | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.
Error - 03/07/2010 17:12:15 | Computer Name = TWOHEAD | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.
[ System Events ]
Error - 02/09/2010 19:22:54 | Computer Name = TWOHEAD | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the
timeout period.
Error - 02/10/2010 10:42:46 | Computer Name = TWOHEAD | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive9. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 02/10/2010 10:42:46 | Computer Name = TWOHEAD | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive7. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 02/10/2010 10:58:23 | Computer Name = TWOHEAD | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive8. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 02/10/2010 10:58:23 | Computer Name = TWOHEAD | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive7. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
Error - 02/10/2010 10:59:42 | Computer Name = TWOHEAD | Source = Service Control Manager | ID = 7022
Description = The wampapache service hung on starting.
Error - 02/10/2010 11:01:30 | Computer Name = TWOHEAD | Source = Service Control Manager | ID = 7024
Description = The wampapache service terminated with service-specific error 1.
Error - 02/11/2010 03:31:15 | Computer Name = TWOHEAD | Source = IdeChnDr | ID = 262153
Description = The device, \Device\Ide\IdeDeviceP0T0L0, did not respond within the
timeout period.
Error - 02/11/2010 04:28:55 | Computer Name = TWOHEAD | Source = Service Control Manager | ID = 7024
Description = The wampapache service terminated with service-specific error 1.
Error - 02/11/2010 04:29:31 | Computer Name = TWOHEAD | Source = Removable Storage Service | ID = 262161
Description = RSM cannot manage library PhysicalDrive7. It encountered an unspecified
error. This can be caused by a number of problems including, but not limited to,
database corruption, failure communicating with the library, or insufficient system
resources.
< End of report >
Show Posts