Internet Security Virus-Used Malware Guide--Help Please---Do I have r



#1 feleesa
Hello,

I had all kinds of pop-ups with warnings that my system was infected and that I should update Internet Security. I knew it was a rogue virus and did not click to update it. I used your Malware/Spyware cleaning guide and ran the EFC, Malwarebytes, Erunts, GMER and OTL. GMER instructed me to post the logfile to obtain further help if I should still have a rootkit on my system. Please let me know what I should do next.

Below are the log files for GMER and OTL:

Regards,

Feleesa



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-14 05:57:07
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Clara\LOCALS~1\Temp\uxliipog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\aol_htm@ HTML Document
Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon
Reg HKLM\SOFTWARE\Classes\aol_htm\DefaultIcon@ "%1"
Reg HKLM\SOFTWARE\Classes\aol_htm\shell
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Edit
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Edit@ &Edit
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Edit\command
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Edit\command@ "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\open\command@ "C:\Program Files\AOL\Explorer\1.2\AOLExplorer.exe" -u "%1"
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Print
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Print@ &Print
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Print\command
Reg HKLM\SOFTWARE\Classes\aol_htm\shell\Print\command@ "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1
Reg HKLM\SOFTWARE\Classes\aol_htm\ShellEx
Reg HKLM\SOFTWARE\Classes\aol_htm\ShellEx\IconHandler
Reg HKLM\SOFTWARE\Classes\aol_htm\ShellEx\IconHandler@ {42042206-2D85-11D3-8CFF-005004838597}
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler@ Google Updater Scheduler class
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CLSID
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CLSID@ {B53B7061-6584-46AA-A033-D610EB10BD9B}
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler\CurVer@ GUSchedulerCtl.UpdaterScheduler.1
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1@ Google Updater Scheduler class
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1\CLSID
Reg HKLM\SOFTWARE\Classes\GUSchedulerCtl.UpdaterScheduler.1\CLSID@ {B53B7061-6584-46AA-A033-D610EB10BD9B}
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater@ Google Silent Updater class
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CLSID
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CLSID@ {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CurVer
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater\CurVer@ GUServiceCtl.SilentUpdater.1
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1@ Google Silent Updater class
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1\CLSID
Reg HKLM\SOFTWARE\Classes\GUServiceCtl.SilentUpdater.1\CLSID@ {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

---- EOF - GMER 1.0.15 ----


********************************************************************************************************

OTL logfile created on: 3/14/2010 6:23:41 AM - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Clara\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.03 Gb Total Space | 19.96 Gb Free Space | 38.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CLARA9300
Current User Name: Clara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/14 02:33:32 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\OTL.exe
PRC - [2010/02/18 22:23:38 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/16 17:24:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/11/13 18:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2008/11/12 17:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 18:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/05 04:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/18 19:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 19:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 18:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 18:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 18:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 18:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/01/19 11:06:18 | 000,102,400 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
PRC - [2006/01/19 11:06:16 | 000,416,768 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
PRC - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2004/09/13 17:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 15:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/04/07 13:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 02:33:32 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PavPrSrv)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/11/13 18:11:26 | 001,086,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2008/11/12 17:02:14 | 003,667,312 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 01:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/05 18:04:10 | 002,918,008 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/05 18:04:10 | 000,554,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/01/05 04:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/18 19:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 19:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 18:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 18:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/06/29 12:12:34 | 000,376,832 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/05/19 15:48:34 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrSII1s.exe -- (LxrSII1s)
SRV - [2004/04/07 13:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/02/26 02:18:00 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/02/15 11:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.8
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect...0fftrab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 22:23:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 22:23:50 | 000,000,000 | ---D | M]

[2009/09/07 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Mozilla\Extensions
[2009/09/07 22:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Mozilla\Extensions\[email protected]
[2010/03/13 12:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions
[2008/03/15 13:23:00 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/12/29 21:26:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/17 18:09:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/23 22:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/23 03:40:26 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2008/09/10 22:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\extensions\[email protected]
[2010/02/23 22:32:29 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\aim-search.xml
[2006/11/19 17:16:57 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\cddball.xml
[2007/10/07 22:50:32 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\dogpile.xml
[2009/06/17 21:11:54 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\espn.xml
[2010/03/09 00:18:18 | 000,002,125 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\flickr-tags.xml
[2010/03/09 00:18:18 | 000,005,500 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\foodtv.xml
[2009/07/02 02:08:42 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\freedict.xml
[2008/06/23 20:34:48 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\IMDB.xml
[2008/06/19 20:29:20 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\jeeves.xml
[2010/03/14 00:44:51 | 000,005,216 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\linkedin.xml
[2008/05/28 02:39:40 | 000,001,071 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\lonelyplanet.xml
[2010/03/09 00:18:18 | 000,002,143 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\marketwatch.xml
[2008/05/28 02:39:39 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\MSN.xml
[2008/07/04 17:37:33 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\odeo.xml
[2008/06/04 22:00:45 | 000,001,961 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\technorati-new.xml
[2007/11/08 19:41:32 | 000,001,035 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\usatodaycom.xml
[2010/03/09 00:18:18 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\weather.xml
[2009/11/12 11:06:23 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\WebMD.xml
[2008/06/19 20:29:24 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\webster.xml
[2008/06/19 20:29:27 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\wikipedia.xml
[2010/03/09 00:18:19 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Clara\Application Data\Mozilla\Firefox\Profiles\sw7q27t1.default\searchplugins\yahooligans.xml
[2010/03/13 12:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/17 18:16:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\Access Privileges Test
[2007/04/15 00:13:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2006/10/24 12:48:10 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2005/11/15 15:28:00 | 000,266,240 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2008/12/24 00:49:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.co...ne_Inst_Win.cab (Reg Error: Key error.)
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} http://musicstore.co...ALStreaming.cab (MALPlaybackCtrl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1205984843140 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\SpywareDetector\SDNotify.dll - C:\Program Files\SpywareDetector\SDNotify.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/09/26 22:24:31 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/14 05:46:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/14 05:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/14 05:43:58 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Clara\Desktop\erunt_setup.exe
[2010/03/14 05:21:08 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\TFC.exe
[2010/03/14 03:29:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/14 03:29:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/14 03:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 03:16:45 | 005,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Clara\Desktop\mbam-setup.exe
[2010/03/14 02:33:31 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\OTL.exe
[2009/08/02 18:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/24 22:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/23 02:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/02/21 21:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/10 22:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
[2008/01/26 23:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/03/03 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2007/03/03 17:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2006/01/25 22:54:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/08/11 18:06:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[1 C:\Documents and Settings\Clara\My Documents\*.tmp files -> C:\Documents and Settings\Clara\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/14 05:45:57 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Clara\Desktop\NTREGOPT.lnk
[2010/03/14 05:45:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Clara\Desktop\ERUNT.lnk
[2010/03/14 05:44:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Clara\Desktop\erunt_setup.exe
[2010/03/14 05:37:59 | 000,030,081 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/14 05:36:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 05:34:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 05:34:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 05:33:49 | 008,441,856 | ---- | M] () -- C:\Documents and Settings\Clara\ntuser.dat
[2010/03/14 05:33:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Clara\ntuser.ini
[2010/03/14 05:21:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\TFC.exe
[2010/03/14 04:26:04 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/03/14 03:29:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 03:27:35 | 000,363,008 | ---- | M] () -- C:\Documents and Settings\Clara\Desktop\rkill.com
[2010/03/14 03:18:20 | 000,012,070 | -HS- | M] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\SmJH0PiNoUR
[2010/03/14 03:17:42 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Clara\Desktop\Msascui.doc
[2010/03/14 03:17:00 | 005,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Clara\Desktop\mbam-setup.exe
[2010/03/14 02:33:32 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clara\Desktop\OTL.exe
[2010/03/14 02:00:13 | 000,188,928 | -HS- | M] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\MSASCui.exe
[2010/03/13 22:31:43 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Clara\My Documents\Powerball.xls
[2010/03/10 20:03:40 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 18:01:16 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Clara\My Documents\88466763 verizon.doc
[2010/03/06 05:00:29 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2010/03/01 01:12:19 | 000,125,379 | ---- | M] () -- C:\Documents and Settings\Clara\Desktop\LegalZoom.jpg
[1 C:\Documents and Settings\Clara\My Documents\*.tmp files -> C:\Documents and Settings\Clara\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/14 05:45:57 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Clara\Desktop\NTREGOPT.lnk
[2010/03/14 05:45:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Clara\Desktop\ERUNT.lnk
[2010/03/14 03:29:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 03:27:35 | 000,363,008 | ---- | C] () -- C:\Documents and Settings\Clara\Desktop\rkill.com
[2010/03/14 02:31:27 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Clara\Desktop\Msascui.doc
[2010/03/14 02:00:14 | 000,012,070 | -HS- | C] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\SmJH0PiNoUR
[2010/03/14 02:00:13 | 000,188,928 | -HS- | C] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\MSASCui.exe
[2010/03/13 14:39:26 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Clara\My Documents\Powerball.xls
[2010/03/07 18:01:16 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Clara\My Documents\88466763 verizon.doc
[2010/03/01 01:12:19 | 000,125,379 | ---- | C] () -- C:\Documents and Settings\Clara\Desktop\LegalZoom.jpg
[2009/08/10 01:14:15 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009/05/14 15:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/11/12 17:02:20 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/08/31 20:40:42 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/03 02:30:34 | 000,080,090 | ---- | C] () -- C:\Documents and Settings\Clara\Application Data\SMBIOSSP.exe
[2007/02/19 12:02:03 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/19 12:01:23 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/27 18:14:45 | 000,108,480 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SNDUpgrade.log
[2007/01/27 13:10:32 | 000,014,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2006/09/14 21:34:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/08/28 22:05:39 | 000,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2006/08/25 21:59:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
[2006/06/24 16:37:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/12/31 18:34:14 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2005/12/27 00:14:36 | 000,002,185 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/12/25 15:20:02 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/15 21:08:10 | 000,000,794 | ---- | C] () -- C:\Program Files\log.txt
[2005/12/10 22:30:35 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/19 19:16:48 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/26 14:51:32 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Clara\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:36:06 | 000,013,421 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/26 14:26:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 13:49:50 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Clara\Application Data\PFP120JPR.{PB
[2005/10/26 13:49:50 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Clara\Application Data\PFP120JCM.{PB
[2005/10/19 14:34:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/19 14:23:46 | 000,000,458 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/19 14:13:16 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/10/19 13:33:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/10/19 13:30:06 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/26 02:18:04 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/07/09 20:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/07/09 20:40:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2007/09/15 13:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/21 18:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2006/07/28 22:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/10/30 13:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETg
[2007/02/27 04:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2005/12/23 00:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/04/06 21:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/05/25 22:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/09 20:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/21 01:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/22 23:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006/01/15 23:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\acccore
[2010/01/21 18:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2006/10/07 19:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\ContentGuard
[2006/09/04 18:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Image Zone Express
[2005/12/26 23:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Leadertech
[2010/02/21 18:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\LimeWire
[2010/03/14 05:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Messenger
[2007/09/27 18:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\MSNInstaller
[2005/12/27 00:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Musicmatch
[2007/11/17 03:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\QQ Games
[2007/11/17 03:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\QQ Games Plugin
[2007/10/13 20:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\SmartDraw
[2008/05/25 16:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Smith Micro
[2005/12/31 14:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Snapfish
[2009/04/06 21:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\TaxCut
[2007/09/29 13:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\TeamViewer
[2007/12/20 23:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Application Data\Viewpoint
[2010/02/15 02:20:10 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/03/06 05:00:29 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/04/09 19:55:56 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/13 21:28:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/13 21:28:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/13 21:28:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/13 21:28:09 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/12 17:02:20 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Edited by feleesa, 14 March 2010 - 05:04 PM.
