Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help with Rootkit/ search redirect / popups/ etc

Started by djsnoopy11 , Jun 16 2010 02:31 PM

  • Please log in to reply

#1
djsnoopy11
Posted 16 June 2010 - 02:31 PM

djsnoopy11

    Member

  • Member
  • PipPip
  • 11 posts
Read malware guide and here are my results

gmer
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 15:08:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\E\LOCALS~1\Temp\pxtdqpow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1032] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0185000A
.text C:\WINDOWS\System32\svchost.exe[1032] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DF000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\Udp sosnf32.sys (SOSNF32/CYBERsitter LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp sosnf32.sys (SOSNF32/CYBERsitter LLC)

---- Threads - GMER 1.0.15 ----

Thread System [4:264] 828F4298

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{519B1951-8979-4280-9284-EC68FDDC8DBD}\[email protected] 3CD4A82EA3AF5FDE
Reg HKLM\SOFTWARE\Classes\CLSID\{519B1951-8979-4280-9284-EC68FDDC8DBD}\[email protected] A53F6418CF3781B5

---- EOF - GMER 1.0.15 ----

otl

OTL logfile created on: 6/16/2010 3:23:40 PM - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\E\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 131.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 24.77 Gb Free Space | 66.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 149.05 Gb Total Space | 97.50 Gb Free Space | 65.42% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEW
Current User Name: E
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 12:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/13 12:52:30 | 001,633,664 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnflsv.exe
PRC - [2010/02/13 12:52:28 | 001,106,304 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnfusv.exe
PRC - [2010/02/13 12:52:26 | 001,182,080 | ---- | M] (Solid Oak Software) -- C:\Program Files\SOS\SOSNF\sosnffsv.exe
PRC - [2009/09/04 13:16:54 | 000,158,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Symantec Core LC)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/13 12:52:30 | 001,633,664 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnflsv.exe -- (SOSNFLSV)
SRV - [2010/02/13 12:52:28 | 001,106,304 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnfusv.exe -- (sosnfusv)
SRV - [2010/02/13 12:52:26 | 001,182,080 | ---- | M] (Solid Oak Software) [Auto | Running] -- C:\Program Files\SOS\SOSNF\sosnffsv.exe -- (SOSNFFSV)
SRV - [2009/09/04 13:17:00 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 13:16:54 | 005,893,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 13:16:54 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/04/08 05:38:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/06/10 21:35:34 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\WINDOWS\system32\msdtc -- (MSDTC)


========== Driver Services (SafeList) ==========

DRV - [2010/02/13 12:52:22 | 000,047,488 | ---- | M] (CYBERsitter LLC) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sosnf32.sys -- (sosnf32)
DRV - [2009/09/02 00:28:46 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/06/20 04:00:00 | 000,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/06/20 04:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/06/15 12:26:38 | 000,513,152 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WmaCDriverV32.sys -- (WmaCDriverV32)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB)
DRV - [2006/09/22 17:33:38 | 000,515,200 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/02/20 19:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/08/15 09:05:59 | 000,060,928 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600bus.sys -- (w600bus) Sony Ericsson W600 driver (WDM)
DRV - [2005/07/18 13:26:40 | 000,085,952 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600obex.sys -- (w600obex)
DRV - [2005/07/18 13:25:36 | 000,088,080 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mgmt.sys -- (w600mgmt)
DRV - [2005/07/18 13:24:32 | 000,096,672 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mdm.sys -- (w600mdm)
DRV - [2005/07/18 13:24:26 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\w600mdfl.sys -- (w600mdfl)
DRV - [2005/06/11 11:33:44 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...n...5&mkt=en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 4F F7 82 2D F6 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/06 16:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/13 22:57:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/06/03 23:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/06/09 08:22:20 | 000,000,000 | ---D | M]

[2010/06/06 16:59:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Mozilla\Extensions
[2010/06/16 15:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Mozilla\Firefox\Profiles\f1tc91t3.default\extensions
[2010/06/16 15:10:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\E\Application Data\Mozilla\Firefox\Profiles\f1tc91t3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/16 15:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/13 22:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/13 22:57:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/13 22:00:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk = C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/10 21:39:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/14 23:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Temp
[2010/06/14 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/14 17:33:16 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
[2010/06/14 17:32:08 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\E\Desktop\erunt_setup.exe
[2010/06/13 23:48:07 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTC.exe
[2010/06/13 23:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/06/13 23:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/13 22:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Desktop\anti-virus
[2010/06/13 22:24:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/13 22:10:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/13 21:30:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/13 21:22:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/13 16:02:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/11 21:29:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\Recent
[2010/06/09 08:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\My Documents\Downloads
[2010/06/06 17:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/06/06 16:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Mozilla
[2010/06/06 16:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Mozilla
[2010/06/06 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/04 08:27:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Videos
[2010/06/03 23:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/03 23:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/03 23:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/03 23:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/03 22:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Apple
[2010/06/03 21:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Apple Computer
[2010/06/03 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/30 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
[2010/05/30 14:14:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Yahoo!
[2010/05/27 20:49:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010/05/27 20:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Microsoft Corporation
[2010/05/27 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/05/25 10:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Adobe
[2010/05/24 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Netscape
[2010/05/24 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Netscape
[2010/05/24 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2010/05/24 21:13:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 21:13:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 21:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/23 08:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Malwarebytes
[2010/05/20 01:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Google
[2010/05/17 21:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Sun
[2010/05/17 20:58:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\IECompatCache
[2010/05/17 20:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\HP
[2010/05/17 20:57:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\PrivacIE
[2010/05/17 20:57:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Apple Computer
[2010/05/17 20:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Identities
[2010/05/17 20:56:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Music
[2010/05/17 20:56:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents\My Pictures
[2010/05/17 20:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Adobe
[2010/05/17 20:41:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\IETldCache
[2010/05/17 20:41:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\E\Application Data\Microsoft
[2010/05/17 20:41:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\SendTo
[2010/05/17 20:41:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\E\Application Data
[2010/05/17 20:41:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\My Documents
[2010/05/17 20:41:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\Favorites
[2010/05/17 20:41:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\E\Cookies
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\PrintHood
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\NetHood
[2010/05/17 20:41:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\Local Settings
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Local Settings\Application Data\Microsoft
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Application Data\Macromedia
[2010/05/17 20:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\E\Desktop
[2010/05/17 20:41:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\E\Start Menu
[2010/05/17 20:41:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\E\Templates
[2010/05/16 19:01:13 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/05/16 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/16 12:01:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/05/16 08:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6
[2010/04/27 23:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Upromise
[2003/12/09 14:16:52 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\comintfs.dll

========== Files - Modified Within 90 Days ==========

[2010/06/16 15:21:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 15:10:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/16 15:09:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/16 15:09:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/16 15:09:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/16 15:09:42 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/16 15:08:40 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\E\NTUSER.DAT
[2010/06/16 15:08:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\E\ntuser.ini
[2010/06/16 15:08:31 | 003,767,398 | -H-- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\IconCache.db
[2010/06/16 11:34:24 | 000,118,272 | ---- | M] () -- C:\Documents and Settings\E\My Documents\malware.doc
[2010/06/14 20:43:35 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/14 20:43:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\E\Desktop\NTREGOPT.lnk
[2010/06/14 20:43:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\E\Desktop\ERUNT.lnk
[2010/06/14 20:36:59 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTL.exe
[2010/06/14 20:36:16 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\E\Desktop\gmer.zip
[2010/06/14 20:36:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\E\Desktop\erunt_setup.exe
[2010/06/14 16:45:08 | 000,003,879 | ---- | M] () -- C:\Documents and Settings\E\My Documents\kasp.html
[2010/06/14 03:50:41 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\E\Desktop\OTC.exe
[2010/06/13 22:01:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 22:00:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/13 21:30:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/13 10:32:11 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/11 21:33:54 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\E\My Documents\Pappasito.doc
[2010/06/06 18:16:49 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\E\Desktop\debt stuff.xls
[2010/06/06 16:58:16 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/05 22:17:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/04 08:26:49 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 06:06:52 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/06/04 00:08:59 | 000,057,108 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/05/30 14:14:20 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\E\Desktop\CCleaner.lnk
[2010/05/27 20:48:34 | 000,070,368 | ---- | M] () -- C:\Documents and Settings\E\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 20:48:17 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/05/24 21:16:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/24 21:16:23 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Netscape Navigator.lnk
[2010/05/23 02:10:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/23 02:10:06 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/16 07:59:30 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== Files Created - No Company Name ==========

[2010/06/16 11:34:24 | 000,118,272 | ---- | C] () -- C:\Documents and Settings\E\My Documents\malware.doc
[2010/06/14 20:43:35 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\E\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/14 20:43:30 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\E\Desktop\NTREGOPT.lnk
[2010/06/14 20:43:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\E\Desktop\ERUNT.lnk
[2010/06/14 17:29:36 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\E\Desktop\gmer.zip
[2010/06/14 16:45:08 | 000,003,879 | ---- | C] () -- C:\Documents and Settings\E\My Documents\kasp.html
[2010/06/13 21:30:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/13 21:30:41 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/13 21:22:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/13 21:22:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/13 15:51:57 | 535,896,064 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/06 16:58:16 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/06/04 08:26:48 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\E\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/04 01:16:04 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\E\My Documents\Pappasito.doc
[2010/06/04 00:08:59 | 000,057,108 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/03 23:23:41 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/05/30 14:14:20 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\E\Desktop\CCleaner.lnk
[2010/05/27 20:48:17 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows 7 Upgrade Advisor.lnk
[2010/05/27 18:25:03 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\E\Desktop\debt stuff.xls
[2010/05/24 21:16:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/24 21:16:23 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Netscape Navigator.lnk
[2010/05/23 02:10:06 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/17 20:41:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\E\ntuser.ini
[2010/05/17 20:41:21 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\E\NTUSER.DAT
[2010/05/17 20:41:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\E\ntuser.dat
[2010/05/16 07:59:30 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/02/05 23:10:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/08/09 12:08:04 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/02/26 17:19:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/02/26 16:42:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/10/21 12:59:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 13:53:54 | 000,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 13:53:42 | 002,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 13:52:04 | 000,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2005/11/17 12:57:30 | 000,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/10/14 22:10:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004/02/01 14:21:56 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/06/13 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2009/11/03 09:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LogMeIn
[2007/09/12 23:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MoodLogic
[2007/10/11 07:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Napster
[2010/02/21 00:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS
[2008/01/15 09:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/08/02 16:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2010/06/03 23:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/03 21:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/24 21:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\E\Application Data\Netscape

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/06/10 21:39:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/06/10 21:23:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/13 21:30:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2003/11/14 11:16:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/06/16 15:09:42 | 535,896,064 | -HS- | M] () -- C:\hiberfil.sys
[2003/11/14 11:16:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/09 17:22:37 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2003/11/14 11:16:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/10 23:45:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/15 08:21:49 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/07/06 01:08:31 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat
[2010/06/16 15:09:41 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/06/13 15:27:03 | 000,000,512 | ---- | M] () -- C:\rkill.log
[2007/10/12 09:51:48 | 000,001,748 | ---- | M] () -- C:\smbios.bin
[2009/08/22 09:28:25 | 000,000,029 | ---- | M] () -- C:\wizard.txt
[2007/10/28 01:14:10 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/06/10 16:09:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/06/10 16:09:24 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/06/10 16:09:24 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:4B7BEAFF
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP