Need Help Removing Win32/Alureon.G [Solved]


  • This topic is locked

#16 K1500 (Topic Starter, Member, 68 posts)
I have had issues with MalwareBytes crashing my computer unless run in Safe Mode, for a while now, too (before I got Alureon.G). Perhaps the error has been corrected by one of the programs you've told me to run, but hopefully it won't crash. Should I run it in Safe Mode if it crashes in regular mode?

#17 hammerman (Member 4k, 4,183 posts)
Yes, run it in Safe mode if you have a problem in Normal mode.

#18 K1500 (Topic Starter, Member, 68 posts)
MBAM crashed the computer in regular mode, and I couldn't get Safe Mode to load. It crashes on the file after Mup.sys. :)

#19 hammerman (Member 4k, 4,183 posts)
Hi,

Please run the Kaspersky scan.

#20 K1500 (Topic Starter, Member, 68 posts)
Alright, the Kaspersky scanner is running now, thanks!

#21 K1500 (Topic Starter, Member, 68 posts)
Here are the results from the Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 02, 2010 11:55:34
Records in database: 3913755
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 278621
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:58:54

No threats found. Scanned area is clean.

Selected area has been scanned.

#22 hammerman (Member 4k, 4,183 posts)
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box paste this in the following.

    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

-- Step 2 --

Click on Start, then Run...
Type in cmd and press ENTER
In the command window, type chkdsk /r followed by ENTER
If you are asked if you want to schedule a disk check at restart, enter Y
Now reboot to start the disk check.

#23 K1500 (Topic Starter, Member, 68 posts)
Here are the results from OTL and I've performed the disk check:

OTL logfile created on: 4/2/2010 6:11:26 PM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Graham\Desktop\Alureon.G
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.37 Gb Total Space | 13.63 Gb Free Space | 19.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 435.17 Gb Free Space | 93.43% Space Free | Partition Type: NTFS
Drive G: | 980.72 Mb Total Space | 887.84 Mb Free Space | 90.53% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XPS400
Current User Name: Graham
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Graham\Desktop\Alureon.G\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GCSVC) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe (Raxco Software, Inc.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SNMP) -- C:\WINDOWS\system32\snmp.exe (Microsoft Corporation)
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) Simple Mail Transfer Protocol (SMTP) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (MSFtpsvc) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (SimpTcp) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (LPDSVC) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 64.34.161.90:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.0.20
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {1fe12979-ef26-4a7a-911a-ba0f596362bd}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.83.20100316
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:2.23b1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.5
FF - prefs.js..extensions.enabledItems: {469CEB59-8266-438b-91D9-82F56D595E15}:1.19
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.5
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "64.90.179.108"
FF - prefs.js..network.proxy.gopher: "64.90.179.108"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.90.179.108"
FF - prefs.js..network.proxy.ssl: "64.90.179.108"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..splitbrowser.search.loadResultsIn: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 00:29:00 | 000,000,000 | ---D | M]

[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions
[2009/03/07 01:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Extensions\[email protected]
[2010/04/02 17:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions
[2010/01/26 21:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{1fe12979-ef26-4a7a-911a-ba0f596362bd}
[2010/03/30 22:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/03/28 20:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/23 00:49:43 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2009/10/15 07:00:24 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/01/21 00:34:40 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/03/27 12:53:39 | 000,000,000 | ---D | M] (FoxyTunes Skin - OnyxOrbs) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{469CEB59-8266-438b-91D9-82F56D595E15}
[2010/03/20 10:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/07 04:08:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/29 18:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/14 04:09:51 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/01/27 19:23:36 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010/03/26 16:53:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/17 21:24:52 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/02/28 11:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/09/13 22:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\bug489729@alice0775
[2009/07/01 20:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/07/26 10:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/06/18 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2010/03/23 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/12/29 21:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2008/07/12 12:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/10/28 05:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\TFToolbarX@torrent-finder
[2009/11/11 14:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\extensions\[email protected]
[2009/01/06 00:33:16 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\nw5edqef.default\searchplugins\userlogos.xml
[2010/04/02 07:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/01/01 21:55:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/10/22 03:01:25 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/04/02 06:27:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...DC_2.1.1.74.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} http://aolcc.aol.com...kup/qdiagcc.cab (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1187479030750 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} https://scan.safety....lscbase2213.cab (CwlscInstall Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130464946046 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131080027541 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} http://69.213.66.54/TSWEB/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemreq...m/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Graham\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/02 07:14:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/02 06:25:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/02 00:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 16:25:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 16:31:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Graham\Recent
[2010/03/31 16:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Graham\Desktop\Alureon.G
[2010/03/30 22:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/30 17:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/28 20:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/28 20:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/22 20:48:24 | 000,000,000 | ---D | C] -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers_files
[2010/01/06 16:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2010/01/06 06:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/23 15:11:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/12 01:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/10/08 17:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/07/31 17:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/07 01:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/11/25 15:56:10 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/07/13 20:49:33 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/12/07 08:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL

========== Files - Modified Within 14 Days ==========

[2010/04/02 18:03:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/02 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job
[2010/04/02 17:22:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 17:22:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/02 17:22:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/02 17:22:17 | 3756,167,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 09:01:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 07:18:09 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\Graham\NTUSER.DAT
[2010/04/02 07:18:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Graham\ntuser.ini
[2010/04/02 06:28:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/02 06:27:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/01 20:56:05 | 000,037,198 | ---- | M] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2010/04/01 20:56:01 | 000,010,816 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\Relay For Life Addresses.docx
[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/04/01 15:11:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 23:43:34 | 000,096,214 | ---- | M] () -- C:\VETlog.dmp
[2010/03/31 23:41:36 | 000,000,966 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/31 00:13:35 | 000,335,856 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 23:38:19 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 22:49:14 | 049,852,416 | ---- | M] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 18:30:06 | 000,011,024 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:30:01 | 003,494,576 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/03/30 18:30:01 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 18:29:26 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 17:39:35 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/30 02:28:19 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\CCleaner.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 23:10:12 | 000,716,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 23:10:12 | 000,580,318 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 23:10:12 | 000,122,036 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/03/28 22:54:14 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/03/28 20:25:02 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\WinRAR.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/22 22:03:51 | 000,013,225 | ---- | M] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | M] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm

========== Files Created - No Company Name ==========

[2010/04/01 20:56:01 | 000,010,816 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\Relay For Life Addresses.docx
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/01 15:11:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
[2010/03/31 00:13:15 | 000,335,856 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\R158601.EXE
[2010/03/30 22:46:34 | 049,852,416 | ---- | C] () -- C:\WINDOWS\System32\BOJTEMHCUXKGRSJ
[2010/03/30 21:50:59 | 3756,167,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/30 18:30:06 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2010/03/30 18:30:06 | 000,011,024 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2010/03/30 18:29:59 | 000,033,846 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/03/30 18:29:59 | 000,015,607 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/03/30 17:37:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 17:33:31 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/28 20:09:09 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\Graham\Desktop\PeerBlock.lnk
[2010/03/22 22:03:51 | 000,013,225 | ---- | C] () -- F:\My Documents\Bill.docx
[2010/03/22 20:48:50 | 000,248,227 | ---- | C] () -- F:\My Documents\how-a-500-craigslist-car-beat-400k-rally-racers.htm
[2010/02/06 06:09:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/06 06:09:29 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/23 02:39:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/12/23 00:15:27 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\afl.log
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Drums
[2009/02/15 23:04:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Distortion
[2009/02/15 23:04:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/02/15 23:04:48 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Patch Names
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laserjet
[2009/02/15 23:04:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Distortion
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Dynamic Library
[2009/02/15 23:04:16 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Graham\Application Data\Documentation
[2009/02/15 23:04:16 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Mail
[2009/02/15 22:52:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/31 21:36:50 | 000,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/11/25 15:56:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/10/01 23:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/02 16:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/02 16:49:52 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2007/08/02 16:42:47 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/02 16:42:46 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/02 16:41:30 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/02 16:41:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/02 16:41:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/05/31 14:43:03 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\.mpid
[2007/05/21 20:45:59 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/04/24 19:38:05 | 000,000,141 | ---- | C] () -- C:\WINDOWS\mp3wavcon.ini
[2007/04/24 19:37:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/03/24 04:25:50 | 001,385,984 | ---- | C] () -- C:\WINDOWS\System32\telintf.DLL
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/27 14:19:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/12/22 21:17:04 | 000,000,045 | ---- | C] () -- C:\WINDOWS\HOTWHEEL.INI
[2006/12/21 15:42:23 | 000,000,058 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2006/12/10 01:51:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2006/10/19 00:32:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2006/09/02 23:26:21 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\P2k.sys
[2006/08/01 11:02:09 | 000,000,067 | ---- | C] () -- C:\WINDOWS\101_ASB.INI
[2006/07/24 12:53:53 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/07/23 19:18:42 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2006/07/23 14:38:02 | 000,000,921 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 17:57:06 | 000,073,814 | ---- | C] () -- C:\WINDOWS\System32\cw.dll
[2006/06/11 01:46:03 | 000,000,158 | ---- | C] () -- C:\WINDOWS\TSDataEx.ini
[2006/03/06 22:52:49 | 000,000,639 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2006/03/04 20:39:32 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C0EC55B373.sys
[2006/01/27 17:09:57 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2005/12/30 20:33:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/12/25 15:49:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\dmi.ini
[2005/12/03 21:42:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/27 01:14:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdcomchk.ini
[2005/11/26 18:45:24 | 000,000,090 | ---- | C] () -- C:\WINDOWS\fdmc.ini
[2005/11/13 20:17:52 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\FASTWiz.log
[2005/11/04 19:40:39 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/02 22:12:10 | 000,000,088 | ---- | C] () -- C:\WINDOWS\copmn.ini
[2005/11/01 18:22:58 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 22:26:13 | 000,037,198 | ---- | C] () -- C:\Documents and Settings\Graham\Application Data\wklnhst.dat
[2005/10/31 16:51:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/10/29 20:44:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/10/28 15:38:29 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/10/28 15:35:30 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/10/27 23:27:28 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/10/27 23:27:28 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\73B355ECC0.sys
[2005/10/27 21:40:14 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/10/27 21:40:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/10/27 20:43:12 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/10/27 20:16:09 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Graham\Local Settings\Application Data\fusioncache.dat
[2005/10/26 14:18:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/26 14:07:11 | 000,003,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/10/26 14:04:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/26 14:01:28 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/10/26 14:01:11 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/10/26 13:36:14 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/26 13:35:30 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/04 20:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/19 08:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 08:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/19 16:20:39 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/19 15:49:36 | 000,016,161 | ---- | C] () -- C:\WINDOWS\System32\ngjcpb9f.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 13:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 18:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 18:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 18:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\msdfmap32.ini
[2002/08/27 11:00:00 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\aclui32.dll
[2002/05/15 18:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/04/19 09:23:26 | 000,106,137 | ---- | C] () -- C:\WINDOWS\System32\libpostproc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/10/25 02:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2006/06/30 23:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/06/30 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/02/15 23:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/09/03 00:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/08 17:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 16:45:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/30 17:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 00:27:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 16:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/11/14 00:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Aim
[2005/12/03 00:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Allume Systems
[2007/11/13 03:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Amazon
[2010/03/30 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\BitTorrent
[2005/12/20 18:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Common Files
[2009/02/01 04:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\DNA
[2007/11/14 20:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Earthsim
[2010/02/06 06:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\GetRightToGo
[2010/02/06 03:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\HandBrake
[2009/11/18 19:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\iTSfv
[2009/04/01 17:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Kontiki
[2005/10/27 23:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Leadertech
[2010/01/17 04:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\LEGO Company
[2009/02/16 22:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MCMPEGEnc
[2009/02/16 05:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\MPEG Streamclip
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\NetMedia Providers
[2009/02/15 23:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Nikon
[2009/04/01 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\OfficeUpdate12
[2005/12/10 01:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Opera
[2006/05/01 22:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Publish Providers
[2006/08/08 17:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Sereniti
[2007/11/19 19:25:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Subversion
[2009/10/15 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\SystemRequirementsLab
[2009/04/07 18:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Viewpoint
[2009/10/23 14:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Desktop Search
[2009/10/25 03:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Graham\Application Data\Windows Search
[2010/04/02 17:30:00 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\{5A946781-7F50-46F7-B9B9-3B43599481E3}_XPS400_Graham.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/03 06:01:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\Drivers\R158601\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\drivers\storage\sata\onboard\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/05/21 20:46:00 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2004/08/19 15:56:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/19 15:56:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/19 15:56:28 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

#24 K1500 (Topic Starter, Member, 68 posts)
I'm not sure if you were going to address this or not, but it looks like another virus got added at 2010/04/01 16:43. :)

#25 hammerman (Member 4k, 4,183 posts)
Hi,

    K1500 wrote:
    I'm not sure if you were going to address this or not, but it looks like another virus got added at 2010/04/01 16:43

Where did you get this information and can you give me some more details?

#26 K1500 (Topic Starter, Member, 68 posts)

    hammerman wrote:
    Hi,

    I'm not sure if you were going to address this or not, but it looks like another virus got added at 2010/04/01 16:43

    Where did you get this information and can you give me some more details?

Just my amateur reading of that OTL log; maybe I'm wrong. :)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/01 16:43:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/01 16:43:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[2010/04/01 16:45:00 | 000,000,279 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/01 16:43:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/01 16:43:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/01 16:43:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe



#27 hammerman (Member 4k, 4,183 posts)
Hi,

They are all legit files loaded by ComboFix.

Are you able to start up in Safe mode?
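hammerman's answer above (the 16:43 files are ComboFix's own toolkit) and the "< MD5 for: ... >" blocks in the OTL report posted earlier are both checks you can run over the log text itself rather than judging timestamps by eye. The Python below is an added example written for this page; it is not OTL's, ComboFix's or either poster's code. It parses OTL file lines, then (a) reports, for each hashed driver, whether the live System32 copy's MD5 matches any of the cached copies OTL found (the TDL3 variants of Alureon circulating in 2010 lived in a patched disk miniport driver, usually atapi.sys or iastor.sys, which is why OTL's custom scan hashes exactly those two), and (b) lists every file created within ten minutes of C:\Qoobox, C:\cmdcons or C:\WINDOWS\ERDNT, the directories ComboFix created in the log above. LOG_EXCERPT is copied from the report posted above; PATCHED_EXCERPT, its DEADBEEF hash, the ten-minute window and the anchor-directory list are constructed assumptions for the demonstration.

```python
r"""Two checks over OTL log lines of the kind posted in this thread (added example).

1. Driver-hash consistency: a live System32 driver whose MD5 matches none of the
   cached copies in its '< MD5 for: X >' block is what an in-place patch looks like.
2. Tool-footprint clustering: files created within minutes of C:\Qoobox, C:\cmdcons
   and C:\WINDOWS\ERDNT belong to the ComboFix run that made those directories.
"""
import re
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))?"
    r"(?P<extra>.*?) -- (?P<path>.+)$"
)
MD5_HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
MD5_VALUE = re.compile(r"MD5=([0-9A-Fa-f]{32})")
LIVE = "c:\\windows\\system32\\"

# Lines copied verbatim from the OTL report posted above (subset only).
LOG_EXCERPT = r"""
========== Files/Folders - Created Within 14 Days ==========
[2010/04/01 16:45:00 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/04/01 16:44:55 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/01 16:44:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/01 16:43:32 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/01 16:43:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/01 16:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/01 16:37:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/01 15:11:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Graham\peerblock.dmp
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
< MD5 for: IASTOR.SYS >
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\Drivers\R158601\iastor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\i386\iaStor.sys
[2005/06/17 12:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007/05/21 20:46:00 | 000,682,232 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< End of report >
"""

# Constructed counter-example (not from the thread): the live driver matches no cached copy.
PATCHED_EXCERPT = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/30 22:46:34 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\atapi.sys
< End of report >
"""


def parse_otl(text):
    """Yield (md5_block_name_or_None, entry) for every OTL file line in text."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") or line.startswith("=========="):
            hdr = MD5_HEADER.match(line)      # any other '<...>' or '=====' header ends an MD5 block
            section = hdr.group("name").lower() if hdr else None
            continue
        m = OTL_LINE.match(line)
        if not m:
            continue
        md5 = MD5_VALUE.search(m.group("extra"))
        yield section, {
            "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            "kind": m.group("kind"),          # C = creation timestamp, M = modification timestamp
            "md5": md5.group(1).upper() if md5 else None,
            "path": m.group("path"),
        }


def check_driver_hashes(text):
    """Compare the live System32 copy of each hashed driver against every cached copy."""
    blocks = {}
    for section, e in parse_otl(text):
        if section and e["md5"]:
            blocks.setdefault(section, []).append(e)
    report = {}
    for name, entries in blocks.items():
        live_paths = {LIVE + name, LIVE + "drivers\\" + name}
        live = [e for e in entries if e["path"].lower() in live_paths]
        refs = sorted({e["md5"] for e in entries if e["path"].lower() not in live_paths})
        live_md5 = live[0]["md5"] if live else None
        status = "no-live-copy" if not live else ("consistent" if live_md5 in refs else "MISMATCH")
        report[name] = {"status": status, "live_md5": live_md5, "reference_md5s": refs}
    return report


def tool_footprint(text, anchors=("c:\\qoobox", "c:\\cmdcons", "c:\\windows\\erdnt"),
                   window=timedelta(minutes=10)):
    """Paths created within `window` of any anchor directory's own creation time."""
    created = [e for s, e in parse_otl(text) if s is None and e["kind"] == "C"]
    times = [e["ts"] for e in created if e["path"].lower() in anchors]
    return sorted({e["path"] for e in created if any(abs(e["ts"] - t) <= window for t in times)})


if __name__ == "__main__":
    print({n: r["status"] for n, r in check_driver_hashes(LOG_EXCERPT).items()}, tool_footprint(LOG_EXCERPT))
    print("constructed patched case:", check_driver_hashes(PATCHED_EXCERPT)["atapi.sys"]["status"])
```

On the log above both atapi.sys and iaStor.sys come back consistent, and the footprint list contains exactly the 16:37 to 16:45 files K1500 asked about (peerblock.dmp from 15:11 falls outside the window). Two caveats belong with a check like this. A matching hash is not proof of a clean driver: a kernel-resident rootkit can hand the original bytes to any user-mode reader of the file it infected, so a hash taken from outside the running OS (a boot CD, or the Recovery Console that cmdcons provides) is the one to trust. And "Unable to obtain MD5" for sptd.sys only says the file was locked and could not be read for hashing, not that it was tampered with.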

#28 K1500 (Topic Starter, Member, 68 posts)
:) Alright, I wasn't sure as they looked suspicious and many of the search results said they were likely viruses. Thanks for the explanation!

I have not tried to start in Safe Mode again, should I?

#29 hammerman (Member 4k, 4,183 posts)
Yes, please try Safe mode again.

#30 K1500 (Topic Starter, Member, 68 posts)
Sorry for the late reply, for some reason I didn't receive an email notification. I'll try safe mode in a bit and let you know what happens. Thanks!





