
Hello.



#61
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the rest of the log. You would think I would know to check by now. Sorry.

[Files/Folders - Created Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Created Date = 2/13/2008 10:49:54 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/11/2008 9:06:20 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/11/2008 8:31:38 PM | Attr = ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
mcstrm.sys -> %SystemRoot%\System32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 2/2/2008 10:13:31 AM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 1/16/2008 8:19:28 PM | Attr = ]
mcs.rma -> %SystemRoot%\System32\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 2/5/2008 5:22:16 PM | Attr = ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 1/16/2008 8:18:13 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 1/16/2008 8:17:49 PM | Attr = H ]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2/3/2008 11:29:32 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/11/2008 9:06:45 AM | Attr = ]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Created Date = 1/22/2008 4:01:04 PM | Attr = HS]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 345 bytes | Modified Date = 2/11/2008 9:47:22 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 1/16/2008 8:18:26 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/16/2008 8:20:35 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2/13/2008 11:17:28 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 1/16/2008 8:16:00 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 1/16/2008 8:19:30 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Real -> %AppData%\Real -> [Folder | Created Date = 2/2/2008 10:10:48 AM | Attr = ]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 2/13/2008 12:20:17 PM | Attr = ]
abi letter.doc -> %UserProfile%\My Documents\abi letter.doc -> [Ver = | Size = 24064 bytes | Modified Date = 1/19/2008 9:25:49 AM | Attr = ]
CAITLYN CORRIN MASSENA.doc -> %UserProfile%\My Documents\CAITLYN CORRIN MASSENA.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/18/2008 2:08:24 PM | Attr = ]
Doc7.doc -> %UserProfile%\My Documents\Doc7.doc -> [Ver = | Size = 31744 bytes | Modified Date = 1/18/2008 1:50:30 PM | Attr = ]
Best Buy Digital Music Store.lnk -> %AllUsersProfile%\Desktop\Best Buy Digital Music Store.lnk -> [Ver = | Size = 675 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
TurboTax Deluxe 2007.lnk -> %AllUsersProfile%\Desktop\TurboTax Deluxe 2007.lnk -> [Ver = | Size = 1766 bytes | Modified Date = 1/23/2008 11:25:16 AM | Attr = ]
2007 Bolen J Tax Return.pdf -> %UserProfile%\Desktop\2007 Bolen J Tax Return.pdf -> [Ver = | Size = 125139 bytes | Modified Date = 1/24/2008 11:02:28 AM | Attr = ]
AT&T Yahoo! Mail - [email protected] -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected] -> [Ver = | Size = 335 bytes | Modified Date = 1/31/2008 7:44:36 AM | Attr = ]
@Alternate Data Stream - 6598 bytes -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected]:favicon
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/11/2008 11:47:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
avenger -> %UserProfile%\Desktop\avenger -> [Folder | Created Date = 2/12/2008 8:15:08 AM | Attr = ]
avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 127378 bytes | Modified Date = 2/12/2008 8:14:23 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Best Buy MP3 Help.lnk -> %UserProfile%\Desktop\Best Buy MP3 Help.lnk -> [Ver = | Size = 1620 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/11/2008 7:58:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.exe:Zone.Identifier
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [Ver = | Size = 695350 bytes | Modified Date = 2/11/2008 7:59:40 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier
Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2008 4:22:00 PM | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/11/2008 8:25:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
rc.iso -> %UserProfile%\Desktop\rc.iso -> [Ver = | Size = 7716864 bytes | Modified Date = 2/13/2008 12:04:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\rc.iso:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/11/2008 11:52:47 PM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480446 bytes | Modified Date = 2/11/2008 11:49:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
WinPFind3u -> %UserProfile%\Desktop\WinPFind3u -> [Folder | Created Date = 2/11/2008 7:58:23 AM | Attr = ]
winpfind3u.exe -> %UserProfile%\Desktop\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 2/11/2008 7:58:11 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\winpfind3u.exe:Zone.Identifier
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Created Date = 2/3/2008 10:41:45 AM | Attr = ]

[Files/Folders - Modified Within 30 days]
avenger -> %SystemDrive%\avenger -> [Folder | Modified Date = 2/13/2008 10:49:54 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/11/2008 9:06:20 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/10/2008 9:03:04 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/13/2008 10:48:51 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2/12/2008 10:27:08 AM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/13/2008 11:17:28 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/11/2008 8:31:38 PM | Attr = ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4316 | Size = 85713 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
mcstrm.sys -> %SystemRoot%\System32\drivers\mcstrm.sys -> RealNetworks, Inc. [Ver = 5.0.2195.8 | Size = 8413 bytes | Modified Date = 2/2/2008 10:13:31 AM | Attr = ]
UMDF -> %SystemRoot%\System32\drivers\UMDF -> [Folder | Modified Date = 2/1/2008 7:45:01 PM | Attr = ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %SystemRoot%\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 2/1/2008 7:45:01 PM | Attr = H ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/13/2008 11:13:08 PM | Attr = ]
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 1/16/2008 8:19:36 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2/11/2008 8:33:38 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2/13/2008 10:49:54 PM | Attr = ]
en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 1/16/2008 8:20:44 PM | Attr = ]
mcs.rma -> %SystemRoot%\System32\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 2/5/2008 5:22:16 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 62344 bytes | Modified Date = 1/23/2008 11:23:00 AM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 401064 bytes | Modified Date = 1/23/2008 11:23:00 AM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 468826 bytes | Modified Date = 1/23/2008 11:23:00 AM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 2/13/2008 11:06:30 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/13/2008 7:36:27 AM | Attr = H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 1/16/2008 8:18:13 PM | Attr = H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 1/16/2008 8:17:49 PM | Attr = H ]
ALCFDRTM.VER -> %SystemRoot%\ALCFDRTM.VER -> Realtek Semiconductor Corp. [Ver = 1, 2, 0, 0 | Size = 73728 bytes | Modified Date = 1/16/2008 10:42:42 PM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 1/23/2008 11:54:13 AM | Attr = R S]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 2/3/2008 12:28:20 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/13/2008 11:06:11 PM | Attr = S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/13/2008 11:20:43 PM | Attr = S]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/11/2008 9:06:45 AM | Attr = ]
ftpcache -> %SystemRoot%\ftpcache -> [Folder | Modified Date = 1/22/2008 4:01:04 PM | Attr = HS]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 14, 14116 | Size = 819200 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 345 bytes | Modified Date = 2/11/2008 9:47:22 AM | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 2/11/2008 9:13:42 AM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/16/2008 10:29:30 PM | Attr = ]
ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 1/16/2008 8:19:12 PM | Attr = H ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/16/2008 8:20:35 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 1/16/2008 8:20:53 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/13/2008 7:36:46 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/13/2008 12:04:14 PM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 2/13/2008 11:17:28 PM | Attr = ]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 600 bytes | Modified Date = 2/13/2008 9:23:07 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/16/2008 8:19:22 PM | Attr = ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 1/23/2008 11:53:21 AM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/16/2008 8:16:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/13/2008 11:20:56 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2/13/2008 10:57:17 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/10/2008 8:38:00 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/13/2008 11:17:28 PM | Attr = ]
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/16/2008 8:19:30 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 649 bytes | Modified Date = 2/13/2008 11:06:32 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/23/2008 11:21:09 AM | Attr = ]
mcafee antispyware.job -> %SystemRoot%\tasks\mcafee antispyware.job -> [Ver = | Size = 362 bytes | Modified Date = 2/8/2008 9:00:00 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/13/2008 11:06:13 PM | Attr = H ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 9140 bytes | Modified Date = 2/13/2008 11:07:09 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9140 bytes | Modified Date = 2/13/2008 11:07:09 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11814 bytes | Modified Date = 2/27/2007 12:39:30 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/4/2007 6:58:08 AM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 4/4/2007 7:01:03 AM | Attr = ]
fsgk32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 368640 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fssm32.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13332.1 | Size = 446464 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
lsse.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Spyware\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
AVPFPI0.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
avpproxy.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
daas_s.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.12471 | Size = 500120 bytes | Modified Date = 5/7/2007 4:38:46 PM | Attr = ]
DFFPI.DLL -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\DFFPI.DLL -> F-Secure Corporation [Ver = 1.02.37 | Size = 151552 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fm4av.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll -> [Ver = | Size = 486912 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fpinor.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13100 | Size = 113664 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fsbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fsbld.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbld.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 2/13/2008 11:20:43 PM | Attr = ]
fsgkiapi.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.50.13330.18100 | Size = 68096 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
FSHKE.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FSHKE.dll -> F-Secure Corporation [Ver = 1, 0, 0, 4 | Size = 61440 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
FSLFPI.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\FSLFPI.dll -> F-Secure Corporation [Ver = 2.04.02 | Size = 237664 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
fssubmit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
lsse.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\lsse.dll -> Lavasoft [Ver = 1.0.35.0 | Size = 184320 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
Nse_w32.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll -> [Ver = | Size = 506936 bytes | Modified Date = 2/13/2008 11:14:29 PM | Attr = ]
segrules.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\segrules.dat -> [Ver = | Size = 707 bytes | Modified Date = 2/13/2008 11:13:31 PM | Attr = ]
ext.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat -> [Ver = | Size = 444 bytes | Modified Date = 2/13/2008 11:20:40 PM | Attr = ]
fshke.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\fshke.dat -> [Ver = | Size = 84 bytes | Modified Date = 2/13/2008 11:20:41 PM | Attr = ]
orion.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\orion.dat -> [Ver = | Size = 737841 bytes | Modified Date = 2/13/2008 11:13:42 PM | Attr = ]
orioneng.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\orioneng.dat -> [Ver = | Size = 1325 bytes | Modified Date = 2/13/2008 11:13:42 PM | Attr = ]
orionfin.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\orionfin.dat -> [Ver = | Size = 1599 bytes | Modified Date = 2/13/2008 11:13:42 PM | Attr = ]
perf.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\perf.dat -> [Ver = | Size = 128 bytes | Modified Date = 2/14/2008 12:22:17 AM | Attr = ]
sae.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat -> [Ver = | Size = 243 bytes | Modified Date = 2/13/2008 11:20:40 PM | Attr = ]
sai.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat -> [Ver = | Size = 1348 bytes | Modified Date = 2/13/2008 11:20:40 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Spyware\[email protected] -> [Ver = | Size = 205 bytes | Modified Date = 2/13/2008 11:20:40 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 203 bytes | Modified Date = 2/13/2008 11:20:40 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 205 bytes | Modified Date = 2/13/2008 11:20:16 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 241 bytes | Modified Date = 2/13/2008 11:20:43 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 206 bytes | Modified Date = 2/13/2008 11:20:41 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 206 bytes | Modified Date = 2/13/2008 11:20:22 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 175 bytes | Modified Date = 2/13/2008 11:20:28 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 206 bytes | Modified Date = 2/13/2008 11:13:42 PM | Attr = ]
[email protected] -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\[email protected] -> [Ver = | Size = 204 bytes | Modified Date = 2/13/2008 11:14:29 PM | Attr = ]
verdicts.ini -> C:\Documents and Settings\Owner\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini -> [Ver = | Size = 2539 bytes | Modified Date = 2/13/2008 11:20:17 PM | Attr = ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Modified Date = 2/10/2008 8:35:50 PM | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2/1/2008 7:45:02 PM | Attr = S]
Intuit -> %AppData%\Intuit -> [Folder | Modified Date = 1/23/2008 11:29:26 AM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 1/23/2008 9:01:14 PM | Attr = S]
Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 2/1/2008 10:19:58 AM | Attr = ]
Real -> %AppData%\Real -> [Folder | Modified Date = 2/2/2008 10:13:31 AM | Attr = ]
Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 2/13/2008 12:20:17 PM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4829730 bytes | Modified Date = 2/13/2008 11:04:55 PM | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2/11/2008 9:47:14 AM | Attr = ]
abi letter.doc -> %UserProfile%\My Documents\abi letter.doc -> [Ver = | Size = 24064 bytes | Modified Date = 1/19/2008 9:25:49 AM | Attr = ]
band questions.doc -> %UserProfile%\My Documents\band questions.doc -> [Ver = | Size = 24576 bytes | Modified Date = 1/18/2008 6:35:09 PM | Attr = ]
CAITLYN CORRIN MASSENA.doc -> %UserProfile%\My Documents\CAITLYN CORRIN MASSENA.doc -> [Ver = | Size = 31232 bytes | Modified Date = 1/18/2008 2:08:24 PM | Attr = ]
Doc7.doc -> %UserProfile%\My Documents\Doc7.doc -> [Ver = | Size = 31744 bytes | Modified Date = 1/18/2008 1:50:30 PM | Attr = ]
Dr. Davidson notes.doc -> %UserProfile%\My Documents\Dr. Davidson notes.doc -> [Ver = | Size = 22016 bytes | Modified Date = 1/29/2008 12:49:38 PM | Attr = ]
TurboTax -> %UserProfile%\My Documents\TurboTax -> [Folder | Modified Date = 1/24/2008 11:02:49 AM | Attr = ]
Best Buy Digital Music Store.lnk -> %AllUsersProfile%\Desktop\Best Buy Digital Music Store.lnk -> [Ver = | Size = 675 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
TurboTax Deluxe 2007.lnk -> %AllUsersProfile%\Desktop\TurboTax Deluxe 2007.lnk -> [Ver = | Size = 1766 bytes | Modified Date = 1/23/2008 11:25:16 AM | Attr = ]
2007 Bolen J Tax Return.pdf -> %UserProfile%\Desktop\2007 Bolen J Tax Return.pdf -> [Ver = | Size = 125139 bytes | Modified Date = 1/24/2008 11:02:28 AM | Attr = ]
abi.url -> %UserProfile%\Desktop\abi.url -> [Ver = | Size = 374 bytes | Modified Date = 2/10/2008 4:27:54 PM | Attr = ]
@Alternate Data Stream - 894 bytes -> %UserProfile%\Desktop\abi.url:favicon
AT&T Yahoo! Mail - [email protected] -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected] -> [Ver = | Size = 335 bytes | Modified Date = 1/31/2008 7:44:36 AM | Attr = ]
@Alternate Data Stream - 6598 bytes -> %UserProfile%\Desktop\AT&T Yahoo! Mail - [email protected]:favicon
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 2/11/2008 11:47:55 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
avenger -> %UserProfile%\Desktop\avenger -> [Folder | Modified Date = 2/12/2008 8:15:08 AM | Attr = ]
avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 127378 bytes | Modified Date = 2/12/2008 8:14:23 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier
Best Buy MP3 Help.lnk -> %UserProfile%\Desktop\Best Buy MP3 Help.lnk -> [Ver = | Size = 1620 bytes | Modified Date = 2/2/2008 10:26:40 AM | Attr = ]
brandy photo -> %UserProfile%\Desktop\brandy photo -> [Folder | Modified Date = 2/5/2008 8:49:34 PM | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/11/2008 7:58:52 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [Ver = 1, 0, 14, 14116 | Size = 757760 bytes | Modified Date = 2/11/2008 9:12:59 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.exe:Zone.Identifier
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [Ver = | Size = 695350 bytes | Modified Date = 2/11/2008 7:59:40 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\gmer.zip:Zone.Identifier
Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 767 bytes | Modified Date = 2/3/2008 4:22:00 PM | Attr = ]
Learn to Read at Starfall - teaching comprehension and phonics.url -> %UserProfile%\Desktop\Learn to Read at Starfall - teaching comprehension and phonics.url -> [Ver = | Size = 246 bytes | Modified Date = 2/8/2008 9:21:43 PM | Attr = ]
@Alternate Data Stream - 1150 bytes -> %UserProfile%\Desktop\Learn to Read at Starfall - teaching comprehension and phonics.url:favicon
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/11/2008 8:25:34 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
rc.iso -> %UserProfile%\Desktop\rc.iso -> [Ver = | Size = 7716864 bytes | Modified Date = 2/13/2008 12:04:58 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\rc.iso:Zone.Identifier
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/13/2008 10:57:17 PM | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 480446 bytes | Modified Date = 2/11/2008 11:49:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
WinPFind3u -> %UserProfile%\Desktop\WinPFind3u -> [Folder | Modified Date = 2/11/2008 9:04:31 AM | Attr = ]
winpfind3u.exe -> %UserProfile%\Desktop\winpfind3u.exe -> [Ver = | Size = 404656 bytes | Modified Date = 2/11/2008 7:58:11 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\winpfind3u.exe:Zone.Identifier
AnswerWorks 4.0 -> %CommonProgramFiles%\AnswerWorks 4.0 -> [Folder | Modified Date = 1/23/2008 11:25:38 AM | Attr = ]
Scanner -> %CommonProgramFiles%\Scanner -> [Folder | Modified Date = 2/3/2008 10:41:45 AM | Attr = ]

< End of report >
[/code]
  • 0



#62
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
:) .....attention everyone I have an announcement to make.. My computer now works like a computer. Everything is working the way that it should. I would like to thank everyone, even the people that might have helped behind the scenes, on fixing my computer. Special thanks go out to Kat, RiP_chain, and Old_Timer. I have successfully loaded and updated McAfee. I can also access the hijackthis part of the forum. My windows no longer close down when I type in anything to do with anti virus software. Thanks again everyone. :) :) :) :) :)
  • 0

#63
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. As expected, everything looks fine. Good job! Glad to hear that everything is fine now.

What I suggest is to run the system for a couple of days and get back to me. I'm going to move this topic into the Malware forum (I'll send you the new link). Then if everything is running fine we have a bit of final cleanup to do and you will be free.

Cheers.

OT
  • 0

#64
admin

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

I'm going to move this topic into the Malware forum (I'll send you the new link).


The link will stay the same, and topic notifications will follow too. :)
  • 0

#65
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Cool :) I thought it might change lol.

OT
  • 0

#66
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
:) Well done, OT and Rip!! :) You two rock!!
  • 0

#67
RiP

RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts

I would like to thank everyone, even the people that might have helped behind the scenes, on fixing my computer.

That would mainly be Kat, and quite a few others she troubleshooted this issue with. OldTimer was the true champion here, it was a great learning experience watching this topic through to the end. I'm very glad that your computer is working well again, jbolen :)
  • 0

#68
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP

OldTimer was the true champion here, it was a great learning experience watching this topic through to the end.


Thank goodness OT was in chat when Rip and I were discussing this! :) I learned a lot from this one, as well. :)
  • 0

#69
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
I think that this one was definitely a group effort. Throughout the fix I saw a lot of members, helpers and staff peering in to see how we were progressing. I'm glad that Wannabe1 jumped in and gave me the information on the RC download (I wasn't even aware of that lol). I can tell you that I have that tidbit safely stored away.

Now I'm going to need to pick his brain to see what else he has tucked up his sleeve :)

This just goes to show the great team we have here at G2G and the willingness of our staff and users to step up, lend a hand, and share their expertise.

Well done to all!

OT
  • 0

#70
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I almost feel like we need to have a party and just sit back and enjoy our favorite beverage. :)
  • 0



#71
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
My computer did its first scan this morning, now I sound like a proud parent, and it found something. I am having problems posting an image of the file so I will type it out. This is just so you guys can take a look at the other logs that I posted and maybe see something.
This is verbatim from McAfee:

Detection name: “Generic AdClicker.o” (Trojan), “Generic AdClicker.o”(Trojan)
File: C:\System Volume Information\_Restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP527\A0039282.DLL

This file was quarantined.
Any questions on this you know how to get a hold of me. :)

Edited by jbolen, 15 February 2008 - 09:44 AM.

  • 0

#72
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. That is in a System Restore point so you do not need to worry about that (unless you do a system restore). We still need to clean those out as part of our final cleanup to reset the restore points and remove all of the tools we used during the fix. Whenever you feel confident that the machine is stable we can finish those items up.

Cheers.

OT
  • 0

#73
jbolen

jbolen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
OK. So far so good. I think everything is running good. The only thing to report is yesterday I got the blue screen of death. The computer was restarted and I did a virus scan and found nothing. No other problems.

Jbolen
  • 0

#74
OldTimer

OldTimer

    Global Moderator

  • Global Moderator
  • 3,273 posts
Hi jbolen. Yes, sometimes that can happen randomly. Other than that instance, I'm glad to hear that things are running well. Let's do our final cleanup to reset the System Restore points and remove all of the tools we used during the fix and then you are all set.

Step #1

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Step #2

To remove all of the tools we used and the files and folders they created do the following:

  • Start WinPFind35
  • Click the CleanUp button
  • WinPFind35 will download a small file from the Internet. If a security program or firewall warns you of this allow it to download.
  • WinPFind35 will delete any tools downloaded and files/folders created and then ask you to reboot so it can remove itself. Click Yes.
After that you are good to go.

Cheers.

OT
  • 0





