
Help with malware



With our last scan, we replaced intelppm. After that you could not boot in normal mode any longer. So, we need to remove the file since your computer obviously doesn't like it. :)

So, in earlier logs it showed up as missing, but not anymore. If you cannot find the file, let me know, and I'll give you a script.


OTL logfile created on: 12/11/2010 9:09:04 AM - Run 5

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 464.00 Mb Available Physical Memory | 52.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.31 Gb Total Space | 119.57 Gb Free Space | 66.31% Space Free | Partition Type: NTFS

Drive D: | 5.99 Gb Total Space | 1.51 Gb Free Space | 25.21% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/09 17:06:06 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/12/09 17:06:04 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/12/02 14:19:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

PRC - [2010/11/09 12:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

PRC - [2010/10/28 15:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2010/10/12 15:11:42 | 004,258,136 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM7\aim.exe

PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/12/02 14:19:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

MOD - [2004/08/04 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/10/28 02:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/08/24 09:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2010/08/24 09:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/08/24 09:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/08/24 09:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/01/19 16:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)

DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/12/02 17:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/07/11 14:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/07/29 13:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startskins.com/startpage/1259135761/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://swagbucks.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: YouTubeAutoReplay@arikv.com:2.1

FF - prefs.js..extensions.enabledItems: fblayouts@hotlayouts2u.com:2.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 17:13:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 17:06:11 | 000,000,000 | ---D | M]

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2010/12/09 14:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions

[2010/12/04 19:04:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)

[2010/12/05 22:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions\fblayouts@hotlayouts2u.com

[2010/12/02 15:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions\YouTubeAutoReplay@arikv.com

[2010/12/10 17:36:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 17:45:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/14 23:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/14 23:21:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/12/10 19:45:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/08/06 15:31:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2004/08/04 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (FBLayouts Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Program Files\FBLayouts\fblayouts.dll (HotLayouts2U)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LSBWatcher] c:\HP\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Aim] C:\Program Files\AIM7\aim.exe (AOL Inc.)

O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1 68.87.76.182 68.87.78.134

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/26 20:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/11 18:55:43 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/07/11 19:55:42 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2035/02/20 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/12/08 17:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template

[2010/12/05 22:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\FBLayouts

[2010/12/04 23:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PCHealth

[2010/12/03 18:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\PMB Files

[2010/12/03 18:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks

[2010/12/03 16:18:10 | 000,000,000 | ---D | C] -- C:\564971dd3012d57d2470e61a194b58

[2010/12/02 14:19:03 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

[2010/12/01 16:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010/12/01 16:30:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer

[2010/12/01 16:30:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us

[2010/12/01 16:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010/12/01 16:08:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp

[2010/11/30 22:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM

[2010/11/30 22:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe

[2010/11/30 17:20:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer

[2010/11/28 11:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2010/11/27 18:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/11/27 18:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\AIM7

[2010/11/27 18:01:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp

[2010/11/22 16:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010/11/21 17:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My eBooks

[2010/11/20 20:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR

[2010/11/20 17:25:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/20 11:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore

[2010/11/20 11:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL

[2010/11/20 11:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AIM

[2010/11/20 11:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/11/20 11:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/11/20 09:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2010/11/20 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logishrd

[2010/11/20 09:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/11/19 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameKiss

[2010/11/19 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sun

[2010/11/19 17:33:36 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/19 17:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2010/11/18 22:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010/11/18 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

[2010/11/18 18:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

[2010/11/18 18:40:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\UserData

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla

[2010/11/18 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia

[2010/11/18 18:34:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Cookies

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\SendTo

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Music

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Favorites

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Templates

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\PrintHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\NetHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}

[2010/11/18 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS

[2010/11/18 17:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010/11/18 17:05:06 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2010/11/18 17:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/11/18 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero

[2010/11/18 16:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\NEXON

[2010/11/18 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010/11/18 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Save(2)

[2010/11/18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SeedC Pacific

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Styler

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Softnyx

[2010/11/18 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2010/11/18 16:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

[2010/11/17 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2010/11/16 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)

[2010/11/14 21:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386

[2010/11/13 11:21:37 | 000,000,000 | ---D | C] -- C:\ERDNT

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/11 09:09:21 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/12/11 09:08:10 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/12/11 09:07:30 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/12/11 09:04:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/11 09:04:10 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/08 19:24:30 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat

[2010/12/06 22:47:51 | 000,102,449 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Stat Build.jpg

[2010/12/05 17:07:41 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url

[2010/12/04 23:03:21 | 000,470,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/12/04 23:03:21 | 000,082,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/12/04 09:15:43 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/02 22:45:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/02 14:19:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

[2010/12/01 18:59:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/30 17:17:00 | 003,099,848 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TeamViewer_Setup(2).exe

[2010/11/29 22:33:00 | 000,983,094 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\untitled.bmp

[2010/11/29 22:06:23 | 000,004,194 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Title.jpg

[2010/11/27 19:35:33 | 000,000,020 | ---- | M] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/27 18:18:34 | 000,005,668 | -H-- | M] () -- C:\IPH.PH

[2010/11/27 18:16:26 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/27 18:16:26 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2010/11/27 18:09:42 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/27 18:03:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/25 15:29:55 | 000,000,117 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat

[2010/11/25 15:29:55 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat

[2010/11/20 11:02:36 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/11/20 09:36:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/19 19:03:01 | 000,000,208 | ---- | M] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/11/19 18:19:05 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 18:19:05 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/19 17:33:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/19 17:07:26 | 000,000,212 | ---- | M] () -- C:\Boot.bak

[2010/11/18 19:15:34 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:22 | 000,002,150 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini

[2010/11/18 18:34:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 18:33:57 | 000,001,861 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 17:31:43 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/08 17:29:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat

[2010/12/06 22:48:21 | 000,102,449 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Stat Build.jpg

[2010/12/05 15:28:59 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MapleStory.url

[2010/12/04 19:09:22 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/30 17:15:58 | 003,099,848 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\TeamViewer_Setup(2).exe

[2010/11/29 22:33:00 | 000,983,094 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\untitled.bmp

[2010/11/28 17:08:45 | 000,004,194 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Title.jpg

[2010/11/27 18:16:26 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/27 18:16:26 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2010/11/27 18:09:42 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/25 14:03:15 | 000,000,117 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences2.dat

[2010/11/25 14:02:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat

[2010/11/20 20:48:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/20 11:07:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/11/20 11:02:36 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/11/20 09:36:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/19 18:56:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/19 18:19:05 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 17:19:01 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt

[2010/11/18 19:15:34 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:33:53 | 000,001,861 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 17:33:28 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/18 17:33:28 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/11/18 17:33:28 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 17:33:28 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/11/18 17:33:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/11/17 22:48:37 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/11/15 17:42:19 | 000,000,208 | ---- | C] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/06/03 08:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2010/01/24 21:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/06/16 16:09:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2008/12/09 21:28:48 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007/12/17 17:39:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2007/11/26 21:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2007/03/17 21:49:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/03/17 21:49:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007/03/17 20:58:55 | 000,000,870 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2007/03/17 20:58:55 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2007/01/20 16:16:08 | 000,000,699 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI

[2006/01/30 19:00:39 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TTL3.ini

[2005/12/17 21:36:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/12/09 19:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/29 18:04:19 | 000,000,949 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/24 20:07:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/08 18:06:16 | 000,000,229 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2005/06/23 03:58:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/06/23 03:55:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/06/23 03:55:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/06/23 03:55:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/06/23 03:55:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/06/23 03:27:21 | 000,013,975 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/06/23 03:27:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/06/23 03:26:56 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2005/06/23 03:24:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/06/23 03:11:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/06/23 03:06:13 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2005/06/23 03:06:13 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2005/06/23 02:56:53 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/06/23 02:55:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/06/23 02:55:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/06/23 02:54:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/02/18 09:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/01/26 20:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/01/19 21:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2005/01/19 21:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/06/15 20:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/10 21:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/24 16:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\36D

[2009/04/29 19:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHisoft

[2010/02/11 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2008/12/26 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client

[2010/01/16 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/09/26 11:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/06/02 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009/06/08 17:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2010/06/02 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2010/01/24 21:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2007/06/17 19:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise

[2009/02/14 10:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2

[2009/03/30 13:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2009/03/26 16:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2007/09/10 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/09/24 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/08/09 11:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker

[2009/06/08 21:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame

[2007/09/03 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games

[2007/05/24 17:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive

[2010/01/24 21:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload

[2010/06/30 09:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/02/16 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009/07/21 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2007/07/21 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games

[2006/02/04 21:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2010/09/18 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/04/06 15:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/12/03 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2009/08/19 20:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2009/06/06 16:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2007/03/17 20:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/07/02 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC

[2010/09/26 21:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/08/05 06:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent

[2010/11/08 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2007/10/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/07/15 19:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2008/12/04 14:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/05/10 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/10 20:28:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/04/09 09:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/12/13 14:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[2010/11/20 11:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/20 09:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/11/30 17:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeamViewer

[2010/12/08 17:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template

[2010/12/11 09:08:10 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2010/12/11 09:09:21 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B22A8503

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92C9159A

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B3D4833

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9D528D

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC6E295

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5804A24D

< End of report >

Okay, now you have me confused. :)

You ran the fix to move intelppm.sys in place. After a reboot, your computer would not boot in normal mode.

I asked you to manually remove the file, you told me it was not there.

Now this log shows neither intelppm.sys as it should have been after the fix, nor does it show the intelppm.sys file that we extracted earlier.

Did you do another system restore and does the computer now boot in normal mode?

First of all, make sure to back up your registry with ERUNT.

BACKUP THE REGISTRY

---------------------------

Backup Your Registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Do NOT continue if you didn't make a registry backup!!

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the Custom Scans/Fixes textbox.
    :otl
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)


  3. Push Run Fix.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and paste that report in your next reply.

When done, restart your computer and let me know if your computer still boots in normal mode.

I'm glad to hear that! It took a while, but finally clean! :rolleyes:

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :lol:

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Rerun OTL and click the Cleanup button. Allow a reboot. This will remove all logs and tools we used.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

This topic is now closed to further replies.