Google virus that's spread to other websites



#1
aubreylauren

Hello, I'm new here but I noticed you guys do a lot of helping out, and I'm getting a little bit desperate. I've seen other topics on the Google redirect virus, and I've tried everything that has been said on those sites to get my problem fixed. Nothing seems to work :) I'd really like to get my computer into working order again. Any time I go to click on a link on ANY website, it takes me to a fake search page. Not only that, but if I try to get to certain websites, it tells me this:

XML Parsing Error: not well-formed
Location: http://www.wowarmory...ut/includes.xsl
Line Number 23, Column 60:<head><script src="http://google-redire...9375"></script>
-----------------------------------------------------------^


Please help me out, I've had this for a few days and nothing seems to work to get rid of it. Here are my logs.

ROOTER LOG:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:53278 Mo/Free:2477 Mo)

Thu 05/21/2009| 4:05

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
---------- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
---------- C:\Program Files\Common Files\AOL\1242003016\ee\AOLSoftware.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\AIM\aim.exe
---------- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\rundll32.exe
---------- C:\WINDOWS\System32\msiexec.exe
---------- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe
---------- C:\Documents and Settings\Aubrey Lauren\Desktop\OTListIt2.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\Documents and Settings\Aubrey Lauren\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Thu 05/21/2009| 4:05

----------------------\\ Scan completed at 4:05



OTListIt LOG:


OTListIt logfile created on: 5/21/2009 4:10:58 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Aubrey Lauren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.23 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 58.45% Memory free
1.82 Gb Paging File | 1.48 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.03 Gb Total Space | 22.42 Gb Free Space | 43.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Aubrey Lauren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\AOL\1242003016\ee\AOLSoftware.exe (AOL LLC)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)
PRC - C:\Documents and Settings\Aubrey Lauren\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (getPlus® Helper [Disabled | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NMIndexingService [Disabled | Stopped]) -- File not found
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
SRV - (WLSetupSvc [Disabled | Stopped]) -- File not found
SRV - (ZeppelinService [Auto | Running]) -- C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe (ParetoLogic Inc.)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CdaD10BA [Auto | Running]) -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS (Macrovision Europe Ltd)
DRV - (Cdr4_xp [System | Stopped]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Stopped]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (tifm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm.sys (Texas Instruments)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://insanejournal.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {0934A758-C735-4A4D-B7F1-8591CE7CA4F9}:1.0
FF - prefs.js..extensions.enabledItems: {1DA33548-6684-4A71-B3E5-C194869DCD5E}:1.0
FF - prefs.js..extensions.enabledItems: {2B57D07C-5D24-41A5-9D11-2738D479D299}:1.0
FF - prefs.js..extensions.enabledItems: {43E6F031-974A-402C-988B-81BEF48813B2}:1.0
FF - prefs.js..extensions.enabledItems: {470BF18A-9D97-464E-BBCD-08A55D9A78D6}:1.0
FF - prefs.js..extensions.enabledItems: {539A7202-3523-4791-A772-22D49AE84F6A}:1.0
FF - prefs.js..extensions.enabledItems: {578AC469-66BA-42F7-8DD0-3AE573CA5E1E}:1.0
FF - prefs.js..extensions.enabledItems: {60C74FBC-DEEA-48C8-8CA1-C5F34774ED8E}:1.0
FF - prefs.js..extensions.enabledItems: {72C6A60E-AA31-4AC8-B601-0B7E6C10F3EE}:1.0
FF - prefs.js..extensions.enabledItems: {7A2B6B08-312B-4B51-95E2-D127FB9F8519}:1.0
FF - prefs.js..extensions.enabledItems: {7B29A4C2-5C2D-4071-A605-5CAFCFA0ADCE}:1.0
FF - prefs.js..extensions.enabledItems: {892AF579-1963-4FAC-BBFD-990D771C8742}:1.0
FF - prefs.js..extensions.enabledItems: {8D89897D-0D57-456C-97D6-47D955E23AFF}:1.0
FF - prefs.js..extensions.enabledItems: {C2BD6CC2-4BFB-45F4-BD22-E4097991C9F2}:1.0
FF - prefs.js..extensions.enabledItems: {C8CB649B-2CB8-49A9-A340-39CF4C92F4C7}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CE32788A-57C1-4292-80B2-B64D224780D1}:1.0
FF - prefs.js..extensions.enabledItems: {DDF69204-B3D7-4734-A0BC-4B31DF25ED17}:1.0
FF - prefs.js..extensions.enabledItems: {F0032B76-848E-4F83-9EE4-6E751E7A9B78}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/20 23:21:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/20 23:21:21 | 00,000,000 | ---D | M]

[2009/05/20 23:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aubrey Lauren\Application Data\mozilla\Extensions
[2009/05/20 23:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aubrey Lauren\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/20 23:21:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Aubrey Lauren\Application Data\mozilla\Firefox\Profiles\4ba5tvpa.default\extensions
[2009/05/21 03:54:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/18 16:24:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{0934A758-C735-4A4D-B7F1-8591CE7CA4F9}
[2009/05/19 15:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{1DA33548-6684-4A71-B3E5-C194869DCD5E}
[2009/05/18 19:36:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{2B57D07C-5D24-41A5-9D11-2738D479D299}
[2009/05/18 19:13:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{43E6F031-974A-402C-988B-81BEF48813B2}
[2009/05/17 03:01:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{470BF18A-9D97-464E-BBCD-08A55D9A78D6}
[2009/05/18 19:11:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{539A7202-3523-4791-A772-22D49AE84F6A}
[2009/05/21 03:32:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{578AC469-66BA-42F7-8DD0-3AE573CA5E1E}
[2009/05/18 00:31:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{60C74FBC-DEEA-48C8-8CA1-C5F34774ED8E}
[2009/05/19 15:18:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{72C6A60E-AA31-4AC8-B601-0B7E6C10F3EE}
[2009/05/17 01:20:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7A2B6B08-312B-4B51-95E2-D127FB9F8519}
[2009/05/20 16:13:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B29A4C2-5C2D-4071-A605-5CAFCFA0ADCE}
[2009/05/20 16:22:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{892AF579-1963-4FAC-BBFD-990D771C8742}
[2009/05/21 01:40:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8D89897D-0D57-456C-97D6-47D955E23AFF}
[2009/05/20 23:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/16 05:17:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C2BD6CC2-4BFB-45F4-BD22-E4097991C9F2}
[2009/05/21 03:54:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C8CB649B-2CB8-49A9-A340-39CF4C92F4C7}
[2008/05/02 02:21:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/18 00:34:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CE32788A-57C1-4292-80B2-B64D224780D1}
[2009/05/15 03:34:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DDF69204-B3D7-4734-A0BC-4B31DF25ED17}
[2009/05/18 20:34:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F0032B76-848E-4F83-9EE4-6E751E7A9B78}
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Giants Toolbar) - {A057A204-BACC-4D26-B7F7-49F8CCAB3ED4} - C:\PROGRA~1\PRODEG~1\PRODEG~1.DLL File not found
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1242003016\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [ParetoLogic Anti-Virus PLUS] "C:\Program Files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" -NM -hidesplash ()
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.dll ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c002D4A9: DllName - C:\WINDOWS\system32\__c002D4A9.dat - C:\WINDOWS\system32\__c002D4A9.dat ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/09 18:05:08 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{efcc5400-3784-11de-a9ff-0012f07436aa}\Shell\AutoRun\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{efcc5400-3784-11de-a9ff-0012f07436aa}\Shell\Flip Video for PC\command - "" = E:\system\viewer\FlipVideoforPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 22:56:03 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/21 04:10:47 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/21 04:05:25 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/21 04:05:18 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\Rooter.exe
[2009/05/21 04:03:08 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aubrey Lauren\Desktop\OTListIt2.exe
[2009/05/21 03:59:14 | 00,001,972 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/05/21 03:59:12 | 00,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2009/05/21 03:59:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/05/21 03:59:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2009/05/21 03:59:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/21 03:58:30 | 11,748,680 | ---- | C] (ParetoLogic ) -- C:\Documents and Settings\Aubrey Lauren\Desktop\Pareto_AV_Setup_RW.exe
[2009/05/21 03:52:04 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/05/21 03:51:55 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Aubrey Lauren\Desktop\KillBox.exe
[2009/05/21 03:47:54 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\HijackThis.lnk
[2009/05/21 03:47:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/21 03:47:45 | 00,186,946 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Aubrey Lauren\Desktop\AntiPuper.exe
[2009/05/21 03:47:30 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Aubrey Lauren\Desktop\HJTInstall.exe
[2009/05/21 03:43:56 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/05/21 03:43:56 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2009/05/21 03:43:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Local Settings\Apps
[2009/05/21 03:32:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/21 02:59:13 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/05/21 02:58:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/05/21 02:58:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/21 02:58:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/21 02:58:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/21 02:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/05/21 02:46:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/20 23:21:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Mozilla
[2009/05/20 23:21:24 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/20 15:46:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Malwarebytes
[2009/05/19 16:14:10 | 00,023,040 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\1054l.exe
[2009/05/19 16:13:41 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/05/19 15:43:37 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\service-466.exe
[2009/05/19 15:28:34 | 00,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/18 19:32:02 | 00,000,053 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/18 19:29:25 | 00,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2009/05/18 19:29:25 | 00,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2009/05/18 19:22:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/05/18 19:21:21 | 00,000,104 | ---- | C] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\My Computer.lnk
[2009/05/18 10:30:47 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\__c002D4A9.dat
[2009/05/18 10:30:44 | 00,037,376 | ---- | C] () -- C:\WINDOWS\System32\glsetup.exe
[2009/05/18 02:06:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Move Networks
[2009/05/17 22:56:03 | 00,023,552 | -HS- | C] ( ) -- C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/17 22:56:03 | 00,000,655 | -HS- | C] () -- C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/17 22:56:02 | 00,023,552 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/17 14:56:10 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/05/17 14:55:59 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/05/17 02:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\My Documents\filelib
[2009/05/17 02:06:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Aim
[2009/05/17 01:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2009/05/17 01:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2009/05/17 01:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Apple Computer
[2009/05/17 01:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\My Documents\My PSP Files
[2009/05/17 01:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Jasc Software Inc
[2009/05/17 01:24:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Adobe
[2009/05/17 01:22:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Viewpoint
[2009/05/17 01:22:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\AOL
[2009/05/17 01:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Macromedia
[2009/05/17 01:20:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Identities
[2009/05/17 01:20:40 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Aubrey Lauren\My Documents\desktop.ini
[2009/05/17 01:20:40 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Aubrey Lauren\My Documents\My Pictures
[2009/05/17 01:20:40 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Aubrey Lauren\My Documents\My Music
[2009/05/17 01:20:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aubrey Lauren\Local Settings\desktop.ini
[2009/05/17 01:20:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Aubrey Lauren\Application Data\desktop.ini
[2009/05/17 01:20:36 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\desktop.ini
[2009/05/17 01:20:36 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Aubrey Lauren\Local Settings\Temporary Internet Files
[2009/05/17 01:20:36 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Aubrey Lauren\Local Settings\History
[2009/05/17 01:20:36 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Microsoft
[2009/05/17 01:20:36 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Aubrey Lauren\Local Settings\Application Data
[2009/05/17 01:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Local Settings\Temp
[2009/05/17 01:20:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Aubrey Lauren\Application Data\Intel
[2009/05/15 14:27:00 | 00,013,824 | ---- | C] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/15 14:26:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\796525
[2009/05/15 14:26:51 | 00,000,190 | ---- | C] () -- C:\43214354.bat
[2009/05/15 03:49:34 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/15 03:49:31 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\loader49.exe
[2009/05/15 03:35:15 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\sunofefa.dll
[2009/05/15 03:35:15 | 00,002,098 | -HS- | C] () -- C:\WINDOWS\System32\rigadiho.dll
[2009/05/11 03:17:12 | 00,086,282 | ---- | C] () -- C:\VETlog.dmp
[2009/05/10 21:00:13 | 00,010,920 | ---- | C] () -- C:\aolconnfix.exe
[2009/05/10 20:51:42 | 00,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2009/05/10 20:50:31 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2009/05/10 20:50:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/05/10 20:50:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\aolshare
[2009/05/10 20:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2009/05/10 20:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\AOL 9.1
[2009/04/24 02:30:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/24 02:30:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/24 02:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/24 02:30:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/24 02:09:29 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.gpref
[2009/04/24 01:47:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nfr.assembly
[2009/04/17 03:03:56 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/18 14:43:08 | 00,111,960 | ---- | C] () -- C:\WINDOWS\System32\INetHTTPFilter.dll
[2009/01/16 05:23:09 | 00,087,552 | -HS- | C] () -- C:\WINDOWS\System32\bokiluve.dll
[2007/09/18 12:28:57 | 00,001,816 | -H-- | C] () -- C:\WINDOWS\TSearch.INI
[2007/06/08 23:13:15 | 00,000,099 | -H-- | C] () -- C:\WINDOWS\DisneyTime.INI
[2007/06/08 12:13:03 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2007/04/05 21:24:01 | 00,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/02 21:08:11 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/12/03 16:58:29 | 00,000,029 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2006/12/02 00:10:02 | 00,000,453 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/15 18:40:22 | 00,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/03/01 15:30:20 | 00,000,453 | -H-- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2003/07/16 16:51:23 | 00,000,744 | -H-- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,292 | -H-- | C] () -- C:\WINDOWS\system.ini
[2003/02/19 16:20:16 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/21 04:09:46 | 00,028,672 | ---- | M] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/21 04:05:18 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\Rooter.exe
[2009/05/21 04:03:09 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aubrey Lauren\Desktop\OTListIt2.exe
[2009/05/21 03:59:14 | 00,001,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Anti-Virus PLUS.lnk
[2009/05/21 03:58:30 | 11,748,680 | ---- | M] (ParetoLogic ) -- C:\Documents and Settings\Aubrey Lauren\Desktop\Pareto_AV_Setup_RW.exe
[2009/05/21 03:56:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/21 03:54:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Aubrey Lauren\Local Settings\desktop.ini
[2009/05/21 03:54:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/21 03:54:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/21 03:53:44 | 00,023,552 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/21 03:51:56 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Aubrey Lauren\Desktop\KillBox.exe
[2009/05/21 03:47:54 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\HijackThis.lnk
[2009/05/21 03:47:45 | 00,186,946 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Aubrey Lauren\Desktop\AntiPuper.exe
[2009/05/21 03:47:36 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Aubrey Lauren\Desktop\HJTInstall.exe
[2009/05/21 03:36:41 | 00,502,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/21 03:36:41 | 00,423,512 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/21 03:36:41 | 00,071,286 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/21 03:36:28 | 00,023,552 | -HS- | M] ( ) -- C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/21 03:36:28 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/21 03:36:24 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/21 03:35:10 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Aubrey Lauren\My Documents\desktop.ini
[2009/05/21 03:33:05 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/21 03:31:34 | 00,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/21 02:45:23 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/20 23:21:24 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/20 16:25:02 | 00,000,744 | -H-- | M] () -- C:\WINDOWS\win.ini
[2009/05/20 15:13:53 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\__c002D4A9.dat
[2009/05/20 07:29:09 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\service-466.exe
[2009/05/18 19:32:02 | 00,000,053 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/18 19:21:21 | 00,000,104 | ---- | M] () -- C:\Documents and Settings\Aubrey Lauren\Desktop\My Computer.lnk
[2009/05/18 10:30:46 | 00,037,376 | ---- | M] () -- C:\WINDOWS\System32\glsetup.exe
[2009/05/17 14:56:10 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/05/17 14:55:59 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\ak1.exe
[2009/05/17 02:19:43 | 00,086,282 | ---- | M] () -- C:\VETlog.dmp
[2009/05/15 14:27:00 | 00,013,824 | ---- | M] () -- C:\WINDOWS\System32\SYS32DLL.exe
[2009/05/15 14:26:51 | 00,000,190 | ---- | M] () -- C:\43214354.bat
[2009/05/15 03:54:50 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\juyoniwu
[2009/05/15 03:49:34 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/15 03:49:32 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\loader49.exe
[2009/05/15 03:35:15 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\sunofefa.dll
[2009/05/15 03:35:15 | 00,002,098 | -HS- | M] () -- C:\WINDOWS\System32\rigadiho.dll
[2009/05/11 20:06:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/10 21:00:13 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2009/05/09 18:05:08 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/24 02:10:51 | 00,000,292 | -H-- | M] () -- C:\WINDOWS\system.ini
[2009/04/24 02:09:29 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.gpref
[2009/04/24 01:47:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nfr.assembly
< End of report >


MBAM LOG:


Malwarebytes' Anti-Malware 1.36
Database version: 2035
Windows 5.1.2600 Service Pack 3

5/21/2009 4:12:54 AM
mbam-log-2009-05-21 (04-12-54).txt

Scan type: Quick Scan
Objects scanned: 75303
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c002D4A9.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c002d4a9 (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Aubrey Lauren\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c002D4A9.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aubrey Lauren\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aubrey Lauren\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\ak1.exe (Virus.Virut) -> Quarantined and deleted successfully.







Thanks again for any help.