Acer Desktop Win XP with rootkits [Solved]


  • This topic is locked

#31 ldtate (Malware Expert, MVP, 1,874 posts)

PE file found in sector at 0x012A18AC1 !

That's a good sign :)

OTL Fix
Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\hlolink.dll
    C:\WINDOWS\avrack.ini
    
    :Commands
    [RESETHOSTS] 
    [purity]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done and run a new scan



#32 clxskeeg (Topic Starter, Member, 60 posts)
Here is an OTL scan, although you didn't specify which scan you wanted to see. I also did another MBAM scan, but I can't find where I saved the log, I'm doing a file search for it now, although I read it and I am sure it said all was OK.



OTL logfile created on: 5-6-2010 07:58:47 PM - Run 4
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\fixer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 344.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.65 Gb Total Space | 2.64 Gb Free Space | 3.63% Space Free | Partition Type: FAT32
Drive D: | 73.43 Gb Total Space | 7.96 Gb Free Space | 10.84% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1.90 Gb Total Space | 0.30 Gb Free Space | 15.82% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER
Current User Name: fixer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-04-27 10:19:24 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTL.exe
PRC - [2010-04-26 17:35:24 | 000,238,832 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010-04-26 17:35:24 | 000,230,664 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2010-04-26 17:35:22 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010-04-26 17:35:22 | 000,177,392 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2010-03-15 19:03:24 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-07-07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008-04-14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-23 11:36:06 | 000,144,960 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2006-11-03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-06-20 09:03:24 | 000,352,256 | ---- | M] (acer Inc.) -- C:\Program Files\acer\eRecovery\Monitor.exe
PRC - [2005-06-07 20:31:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005-06-01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) -- C:\Program Files\acer\Acer eConsole\MediaServerService.exe
PRC - [2005-05-13 12:57:00 | 000,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2005-05-13 12:57:00 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010-04-27 10:19:24 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010-04-26 17:35:24 | 000,238,832 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2010-04-26 17:35:22 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2008-07-07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007-04-23 11:36:06 | 000,144,960 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2006-11-03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005-06-01 14:23:46 | 000,442,368 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Program Files\acer\Acer eConsole\MediaServerService.exe -- (Acer Media Server)


========== Driver Services (SafeList) ==========

DRV - [2010-04-26 19:14:52 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010-04-26 19:14:52 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010-04-26 17:35:24 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2010-04-26 17:35:24 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2010-04-26 17:35:24 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2010-04-26 17:35:22 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2008-02-27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008-02-25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007-04-16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005-10-17 14:03:14 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005-06-07 20:31:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005-03-21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005-02-23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005-01-13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004-12-17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2003-07-02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-08 20:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-08 20:25:32 | 000,000,000 | ---D | M]

[2010-04-27 07:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixer\Application Data\Mozilla\Extensions
[2010-04-27 07:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixer\Application Data\Mozilla\Firefox\Profiles\gdqbvssn.default\extensions
[2010-04-27 16:48:22 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\fixer\Application Data\Mozilla\Firefox\Profiles\gdqbvssn.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010-05-06 11:28:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\fixer\Application Data\Mozilla\Firefox\Profiles\gdqbvssn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-04-30 23:06:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\fixer\Application Data\Mozilla\Firefox\Profiles\gdqbvssn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-04-27 15:01:54 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\fixer\Application Data\Mozilla\Firefox\Profiles\gdqbvssn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008-11-08 20:25:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010-05-03 00:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

O1 HOSTS File: ([2010-05-06 19:38:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [eRecoveryService] C:\Program Files\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1158766737609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1163900908375 (MUWebControl Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www3.ca.com/s...nfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\origami: DllName - C:\WINDOWS\system32\hlolink.dll - C:\WINDOWS\System32\hlolink.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-10-17 14:03:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009-09-07 16:21:02 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005-10-17 13:40:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 90 Days ==========

[2010-05-06 19:38:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-05-06 14:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Desktop\Copy of LOGS&TEXTS
[2010-05-03 19:52:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010-05-03 09:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Calculator Plus
[2010-05-03 07:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010-05-03 07:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Desktop\desktop texts
[2010-05-03 00:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\CATHY
[2010-05-03 00:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-05-03 00:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010-05-03 00:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010-04-29 14:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVI MPEG RM WMV Joiner
[2010-04-29 14:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Desktop\Boilsoft_-_Splitter___Joiner
[2010-04-28 15:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\AdobeUM
[2010-04-28 15:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\Adobe
[2010-04-28 15:10:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\My Documents\My eBooks
[2010-04-28 14:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\Ahead
[2010-04-28 09:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Desktop\LOGS&TEXTS
[2010-04-27 22:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\WinRAR
[2010-04-27 20:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Sun
[2010-04-27 20:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\uTorrent
[2010-04-27 16:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Ahead
[2010-04-27 13:40:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\vlc
[2010-04-27 12:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\Identities
[2010-04-27 11:24:13 | 000,257,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTH.scr
[2010-04-27 11:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Malwarebytes
[2010-04-27 10:19:24 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTL.exe
[2010-04-27 09:55:38 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\TFC.exe
[2010-04-27 07:49:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\My Documents\Downloads
[2010-04-27 07:19:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Real
[2010-04-27 07:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Media Player Classic
[2010-04-27 07:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Macromedia
[2010-04-27 07:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Adobe
[2010-04-27 07:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\Mozilla
[2010-04-27 07:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Mozilla
[2010-04-27 07:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\ApplicationHistory
[2010-04-27 06:42:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fixer\Application Data\Microsoft
[2010-04-27 06:42:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fixer\Cookies
[2010-04-27 06:42:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixer\SendTo
[2010-04-27 06:42:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixer\Recent
[2010-04-27 06:42:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixer\Application Data
[2010-04-27 06:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixer\Start Menu
[2010-04-27 06:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixer\My Documents\My Pictures
[2010-04-27 06:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixer\My Documents\My Music
[2010-04-27 06:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixer\My Documents
[2010-04-27 06:42:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixer\Favorites
[2010-04-27 06:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\fixer\IETldCache
[2010-04-27 06:42:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixer\Templates
[2010-04-27 06:42:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixer\PrintHood
[2010-04-27 06:42:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixer\NetHood
[2010-04-27 06:42:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixer\Local Settings
[2010-04-27 06:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\WINDOWS
[2010-04-27 06:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Symantec
[2010-04-27 06:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Local Settings\Application Data\Microsoft
[2010-04-27 06:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Application Data\Identities
[2010-04-27 06:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixer\Desktop
[2010-04-27 06:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2010-04-26 23:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2010-04-26 21:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010-04-26 19:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-04-26 19:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-04-26 19:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-04-26 18:57:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-04-26 17:35:28 | 000,739,696 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010-04-26 17:35:28 | 000,133,520 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-05-06 19:43:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010-05-06 19:41:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-06 19:41:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010-05-06 19:39:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-06 19:39:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-06 19:39:24 | 737,726,464 | -HS- | M] () -- C:\hiberfil.sys
[2010-05-06 19:38:30 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\fixer\ntuser.dat
[2010-05-06 19:38:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\fixer\ntuser.ini
[2010-05-06 09:39:00 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-05-02 23:59:52 | 737,755,136 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010-05-02 18:01:32 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\fixer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-02 17:58:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-29 14:14:14 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\AVI MPEG RM WMV Joiner.lnk
[2010-04-29 00:37:40 | 000,000,031 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\rapidsharehack.bat
[2010-04-28 18:05:42 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\Shortcut to eBay_photos.lnk
[2010-04-28 05:47:12 | 000,526,522 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-27 22:54:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-04-27 16:42:12 | 000,000,098 | ---- | M] () -- C:\Documents and Settings\fixer\default.pls
[2010-04-27 13:02:12 | 000,705,736 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\desktop texts.zip
[2010-04-27 11:24:16 | 000,257,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTH.scr
[2010-04-27 11:16:10 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-27 10:19:24 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\OTL.exe
[2010-04-27 09:55:40 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixer\Desktop\TFC.exe
[2010-04-27 08:23:32 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\Shortcut to Downloads.lnk
[2010-04-27 07:58:44 | 000,000,484 | ---- | M] () -- C:\Documents and Settings\fixer\Desktop\fix.reg
[2010-04-27 07:07:24 | 000,000,006 | ---- | M] () -- C:\ISACER.ID
[2010-04-27 01:57:58 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-27 00:10:14 | 000,001,427 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2010-04-26 19:14:52 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetefile.sys
[2010-04-26 19:14:52 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\veteboot.sys
[2010-04-26 17:35:24 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetmonnt.sys
[2010-04-26 17:35:24 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vetfddnt.sys
[2010-04-26 17:35:24 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-rec.sys
[2010-04-26 17:35:22 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\drivers\vet-filt.sys

========== Files Created - No Company Name ==========

[2010-05-06 14:18:59 | 000,001,147 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\Nero StartSmart.lnk
[2010-05-03 07:02:53 | 000,705,736 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\desktop texts.zip
[2010-05-03 01:34:39 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\fixer\ntuser.dat
[2010-04-29 14:14:13 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\AVI MPEG RM WMV Joiner.lnk
[2010-04-29 00:37:39 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\rapidsharehack.bat
[2010-04-28 18:05:46 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\Shortcut to eBay_photos.lnk
[2010-04-27 16:42:11 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\fixer\default.pls
[2010-04-27 13:23:28 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\fixer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-27 08:23:30 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\Shortcut to Downloads.lnk
[2010-04-27 07:58:42 | 000,000,484 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\fix.reg
[2010-04-27 07:21:14 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\fixer\Desktop\Shortcut to 001-BURN.lnk
[2010-04-27 06:42:24 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\fixer\ntuser.dat.LOG
[2010-04-27 06:42:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\fixer\ntuser.ini
[2010-04-26 23:32:27 | 000,001,427 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AvRack.lnk
[2010-04-26 23:30:54 | 000,000,006 | ---- | C] () -- C:\ISACER.ID
[2010-04-26 19:11:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2008-11-08 19:58:04 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-04-05 20:07:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008-04-05 20:07:55 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007-11-30 23:03:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-08-19 11:29:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2007-08-18 10:12:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007-05-27 18:06:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2007-05-27 18:06:50 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2007-05-27 18:06:49 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2007-02-22 10:34:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2006-11-25 21:09:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2006-10-12 23:36:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI
[2006-09-20 13:10:59 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006-09-20 12:18:50 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2006-09-17 19:08:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006-05-10 14:26:26 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006-05-10 12:50:04 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006-05-10 12:45:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX3800.ini
[2006-04-16 16:37:15 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2005-10-17 14:29:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-10-17 14:04:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005-10-17 14:03:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005-10-17 14:03:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005-10-17 14:03:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005-10-17 14:03:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005-10-17 13:59:16 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005-10-17 13:54:34 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-10-17 13:48:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-10-17 13:39:11 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004683_.tmp.dll
[2005-10-17 13:39:03 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004715_.tmp.dll
[2005-03-01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004-12-17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004-03-18 18:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004-03-18 18:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003-02-18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2001-12-26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001-09-03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001-07-30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001-07-23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980-01-01 00:00:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2007-02-20 12:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2007-06-18 00:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007-09-28 12:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2008-10-11 19:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-27 20:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixer\Application Data\uTorrent
[2010-05-06 19:43:12 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005-10-17 14:30:30 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2010-05-06 19:39:24 | 1106,485,248 | -HS- | M] () -- C:\pagefile.sys
[2007-09-28 12:12:54 | 000,012,559 | ---- | M] () -- C:\caisslog.txt
[2010-05-06 19:39:24 | 737,726,464 | -HS- | M] () -- C:\hiberfil.sys
[2008-11-22 10:09:00 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010-04-27 07:07:24 | 000,000,006 | ---- | M] () -- C:\ISACER.ID
[2005-10-17 13:51:06 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005-10-17 14:03:44 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005-10-17 13:51:06 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005-10-17 13:51:06 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-05 19:33:54 | 064,045,056 | ---- | M] () -- C:\bb.mpg
[2007-02-09 13:27:20 | 000,006,172 | ---- | M] () -- C:\caavsetup.log
[2006-06-28 19:40:08 | 000,007,417 | ---- | M] () -- C:\threatalerts.txt
[2006-06-28 19:40:08 | 000,000,430 | ---- | M] () -- C:\f114ece6-22ef-4da5-9128-6e38f5840260.cab
[2008-11-01 05:48:08 | 000,259,299 | ---- | M] () -- C:\rapport.txt
[2010-05-06 10:11:24 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006-10-26 10:37:26 | 000,000,000 | ---- | M] () -- C:\sms.7
[2006-10-26 10:37:26 | 000,000,000 | ---- | M] () -- C:\sms.8
[2006-10-26 10:37:26 | 000,000,000 | ---- | M] () -- C:\sms.9
[2006-10-26 10:38:02 | 000,000,000 | ---- | M] () -- C:\sms.c
[2007-09-28 12:09:20 | 000,035,699 | ---- | M] () -- C:\caavsetupLog.txt
[2007-01-13 10:41:42 | 000,000,000 | ---- | M] () -- C:\s3a4.4
[2007-01-13 10:41:44 | 000,000,000 | ---- | M] () -- C:\s3a4.7
[2007-01-13 10:41:44 | 000,000,000 | ---- | M] () -- C:\s3a4.8
[2007-01-13 10:41:46 | 000,000,000 | ---- | M] () -- C:\s3a4.9
[2007-01-13 10:41:46 | 000,000,000 | ---- | M] () -- C:\s3a4.a
[2007-01-13 10:41:46 | 000,000,000 | ---- | M] () -- C:\s3a4.b
[2007-01-13 10:41:46 | 000,000,000 | ---- | M] () -- C:\s3a4.c
[2007-06-09 21:29:02 | 000,001,766 | ---- | M] () -- C:\avenger.txt
[2004-08-03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007-02-22 10:42:24 | 000,000,063 | ---- | M] () -- C:\avone.ini
[2008-08-08 11:01:30 | 000,259,690 | ---- | M] () -- C:\r0a1p7p0o5rt.txt
[2008-11-01 05:36:56 | 000,001,878 | ---- | M] () -- C:\rapport11-1.txt
[2008-11-01 05:41:16 | 000,259,298 | ---- | M] () -- C:\rapport11-1a.txt
[2008-11-01 05:46:52 | 000,001,878 | ---- | M] () -- C:\rapport11-1safe.txt
[2008-11-01 05:49:00 | 000,259,296 | ---- | M] () -- C:\rapport11-1a-safe.txt
[2008-04-19 14:11:40 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2008-04-14 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 12:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008-11-09 17:52:42 | 002,072,576 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2008-11-09 17:52:42 | 017,039,360 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008-11-09 17:52:42 | 003,026,944 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008-11-09 17:38:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010-02-11 08:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010-04-26 19:14:52 | 000,739,696 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetefile.sys
[2010-04-26 17:35:22 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vet-filt.sys
[2010-02-24 09:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010-04-26 17:35:24 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vet-rec.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010-04-26 17:35:24 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetfddnt.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010-04-26 17:35:24 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\vetmonnt.sys
[2010-04-26 19:14:52 | 000,133,520 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\system32\drivers\veteboot.sys
< End of report >
  • 0

#33
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hlolink.dll]


On the desktop, double-click fix.reg and allow it to run. Let it merge.

Reboot and let me know how it's running.
  • 0

#34
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I may have to do the scans over; I just realized that the folder settings had reversed to default, to HIDE files and file extensions. I am going to do the OTL over again, with files showing.
  • 0

#35
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
That shouldn't matter. Do this.


Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hlolink.dll]


On the desktop, double-click fix.reg and allow it to run. Let it merge.

Reboot and let me know how it's running.
  • 0
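The fixme.reg in the two posts above removes one package from the Winlogon Notify key, the logon-time persistence point that hlolink.dll was using. As an added example, not part of this thread and not OTL's or the helper's code, the following PowerShell (2.0 syntax, which runs on XP SP3) lists every package registered under that key and checks whether the DLL it names exists and what its Authenticode status is. It only reads; it assumes the standard HKLM Winlogon\Notify path, and on XP most Microsoft DLLs are catalog-signed and therefore show NotSigned, so the signature column is a hint for manual review rather than a verdict.

```powershell
# Added example, not from the thread: audit Winlogon Notify packages (the
# persistence point the fixme.reg above edits) without changing anything.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Get-WinlogonNotifyReport {
    if (-not (Test-Path $notifyKey)) { return }
    foreach ($sub in Get-ChildItem $notifyKey) {
        $dll = (Get-ItemProperty $sub.PSPath).DllName
        # Winlogon loads a bare file name from %SystemRoot%\System32.
        if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
        $exists = [bool]($dll -and (Test-Path $dll))
        $status = 'N/A'
        if ($exists) { $status = [string](Get-AuthenticodeSignature $dll).Status }
        New-Object PSObject -Property @{
            Package   = $sub.PSChildName
            DllName   = $dll
            Exists    = $exists
            Signature = $status
            # Flag missing DLLs and signatures that fail verification; NotSigned
            # needs a manual look because XP system DLLs are catalog-signed.
            Review    = (-not $exists) -or ($status -eq 'HashMismatch') -or ($status -eq 'NotTrusted')
        }
    }
}

Get-WinlogonNotifyReport | Format-Table Package, DllName, Exists, Signature, Review -AutoSize
```

Run it from an elevated PowerShell prompt before and after merging the .reg file; a package whose DllName no longer exists on disk, or that points outside System32, is the kind of entry the fix above is meant to remove.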

#36
clxskeeg

clxskeeg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Seems to be working great now, in all user identities. Browsers aren't crashing anymore, and boot up is fast. I think it's all fixed. Thank you very much, think I will go and try my paypal acct :)
  • 0

#37
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Thank You very much Val :)

Good job


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


You can remove these leftover files and folders if listed:
C:\ComboFix
C:\QooBox
C:\combofix.txt
C:\combofix-quarantine-files.txt

To be on the safe side, I would also change all my passwords.


Here's my usual all clean post

Log looks good :)


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt.
    6. Change the Download unsigned ActiveX controls to Disable.
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable.
    8. Change the Installation of desktop items to Prompt.
    9. Change the Launching programs and files in an IFRAME to Prompt.
    10. Change the Navigate sub-frames across different domains to Prompt.
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates available installed on your computer.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.


I would suggest you read How to Prevent Malware:
  • 0
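The six Internet Explorer settings in the post above are stored as per-user DWORD values for the Internet zone (zone 3). As an added example, not from this thread or from the helper, this PowerShell reports the current value of each one against the recommended value and, with -Apply, writes the recommended values. It assumes the standard HKCU Zones\3 path and Microsoft's documented URL-action IDs (1001, 1004, 1201, 1800, 1804, 1607), where 0, 1 and 3 mean Enable, Prompt and Disable; none of those IDs appear on the page itself.

```powershell
# Added example, not from the thread: check (and with -Apply, set) the six
# Internet-zone settings listed in the post. Zone 3 is the Internet zone; the
# value names are Microsoft's URL-action IDs and 0/1/3 mean Enable/Prompt/Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                       Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                     Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                          Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';              Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';           Value = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValueLabel($v) {
    if ($v -eq $null) { return '(not set)' }
    if ($label.ContainsKey([int]$v)) { return $label[[int]$v] }
    return "$v"
}

function Test-InternetZoneHardening {
    param([switch]$Apply)
    $current = Get-ItemProperty $zoneKey
    foreach ($id in $wanted.Keys) {
        $have = $current.$id
        $want = $wanted[$id].Value
        $ok = ($have -ne $null) -and ([int]$have -eq $want)
        if (-not $ok -and $Apply) {
            # IE stores these as DWORD values.
            Set-ItemProperty -Path $zoneKey -Name $id -Value $want -Type DWord
        }
        New-Object PSObject -Property @{
            Id        = $id
            Setting   = $wanted[$id].Name
            Current   = Get-ZoneValueLabel $have
            Wanted    = $label[$want]
            Compliant = $ok
        }
    }
}

Test-InternetZoneHardening | Format-Table Id, Setting, Current, Wanted, Compliant -AutoSize
# To write the recommended values for the current user:
# Test-InternetZoneHardening -Apply
```

Run it once per user account, since these values live under HKCU and the dialog steps above only change the profile that is logged on.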

#38
ldtate

ldtate

    Malware Expert

  • Expert
  • 1,874 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





