
backdoor.Tidservlinf


  • This topic is locked

#31
AlRussell

    Member

  • Topic Starter
  • 24 posts
...renamed, attached,

Attached Files




#32
AlRussell

    Member

  • Topic Starter
  • 24 posts
Hi,...Total Virus report file attached. I saved a pdf version if desired. Let me know what you see as next step please. Thank you, AlRussell

Attached Files



#33
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AlRussell,

You must delete your copy of MBRCheck.exe.

Please download the new version from here: MBRCheck.exe.

  • Run MBRCheck.exe.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter.
  • When the program asks you "Enter your choice:", enter 2 and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show "Available MBR codes:", followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • The program will prompt for confirmation. Type 'YES' and hit Enter.
  • Left click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Hit the Enter key on your keyboard to copy the selected text.
  • Paste that text into Notepad and save it to your desktop as "MBRCheck results.txt".
  • Restart your PC.
  • Post the text in "MBRCheck results.txt" here, please.


#34
AlRussell

    Member

  • Topic Starter
  • 24 posts
Hi maliprog, as requested, here's the text from the latest run, from the file <MBRCheck results.txt>:

MBRCheck, version 1.0.2
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\F: --> \\.\PhysicalDrive1

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Black Internet)!
232 GB \\.\PhysicalDrive1 Known-bad MBR code detected (Black Internet)!


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
Successfully wrote new MBR code!


Done! Press ENTER to exit...


last entry, AlRussell
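The MBRCheck run above flagged known-bad boot code on both disks and offers option [1] to dump the MBR to a file (the OTL log later in this thread lists such a 512-byte C:\mbrdump.dmp). As an added example, not code from the thread, from MBRCheck or from its author, here is a Python parser for such a dump that reports what a defender wants to verify before and after the restore described in post #33: the 0x55AA signature, the partition table, and whether the boot code hashes to a value taken from a trusted, known-clean sector. The sample sector and the trusted hash set are constructed for the example; which hashes to trust on a real system is the operator's decision.

```python
"""Added example: parse a raw 512-byte MBR dump (as written by MBRCheck option [1])
and run the checks a defender wants around a boot-code restore."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold boot code; 440..443 the NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian fields)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature, partitions and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    entries = [parse_partition_entry(
        sector[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)])
        for i in range(4)]
    return {
        # Hash only the code bytes: the disk signature at 440..443 differs per disk,
        # so including it would make a known-good hash useless across machines.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": [p for p in entries if p["type"] != 0],
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, known_good_hashes: set) -> tuple:
    """Return (parsed info, findings). known_good_hashes holds SHA-256 digests of
    boot code the operator trusts, e.g. taken from a verified clean install."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code does not match any known-good hash")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active (bootable) partition")
    return info, findings


def build_sample_mbr() -> bytes:
    """Constructed sample for this example, not a real boot sector: one active
    NTFS-type (0x07) partition starting at LBA 63, roughly 74 GB in size."""
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(
        BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"  # constructed signature
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                         b"\xfe\xff\xff", 63, 156296322)
    table = entry1 + b"\x00" * 48  # three empty entries
    return boot_code + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr()
    trusted = {parse_mbr(clean)["boot_code_sha256"]}  # reference taken from the clean sample
    tampered = bytearray(clean)
    tampered[0:4] = b"\xeb\xfe\x90\x90"  # constructed change to the first code bytes
    for name, image in (("clean", clean), ("tampered", bytes(tampered))):
        info, findings = check_mbr(image, trusted)
        print(name, info["boot_code_sha256"][:16], findings or "no findings")
```

Run it once against a dump taken before the restore and once against a dump taken after it: the second should hash to the trusted value while the disk signature and partition table stay unchanged.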

#35
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AlRussell,

Step 1

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 2

How is your system now? What kind of problems do you experience now?

#36
AlRussell

    Member

  • Topic Starter
  • 24 posts
Hi maliprog,

After running OTL, the results are listed below. The computer appears to run well and no particular glitches are noted at this time. What is next?

The OTL.txt file content is shown below:

OTL logfile created on: 7/9/2010 9:29:35 PM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 2254 2254 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 32.97 Gb Free Space | 44.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 82.90 Gb Total Space | 16.72 Gb Free Space | 20.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAINER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
PRC - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2008/06/10 13:56:28 | 000,447,560 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
PRC - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinGamesInstaller.exe
PRC - [2004/01/15 20:33:44 | 000,049,152 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
MOD - [2009/12/13 21:38:19 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/23 21:24:04 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\WINDOWS\system32\drivers\NOF -- (NOF)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/13 21:38:46 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/01/18 08:02:37 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/17 04:33:14 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 05:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 05:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/03/05 08:49:26 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2003/03/31 08:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100708.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100708.033\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/14 05:21:22 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/13 21:38:52 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/12/13 21:38:51 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/13 21:38:51 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/12/13 21:38:51 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/12/13 21:38:51 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/12/13 21:38:51 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/12/13 21:38:51 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/12/13 21:38:51 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/12/13 21:38:50 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/12/13 21:38:50 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2008/05/16 17:18:16 | 000,023,552 | ---- | M] (Copyright © FineArt Technology Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FD.sys -- (FD)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/10/17 23:11:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2006/08/10 07:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2001/08/17 13:51:14 | 000,023,936 | ---- | M] (OMNIKEY AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sccmusbm.sys -- (OMNUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gideons.o...te/default.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/26 07:26:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\Documents and Settings\All Users\Application Data\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.0.37\FFPlugin\


O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Safety Minder BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files\Norton Online\AddOns\Norton Safety Minder\Engine\1.2.2.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} http://99.191.248.17/VatDec.cab (VatCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1220607666906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/13 15:55:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell - "" = AutoRun
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c9fd9b5-2442-11dd-b63c-000c76f0a012}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/05 11:26:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/05 10:54:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/05 09:46:39 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/05 09:45:16 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/30 08:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mainer
[2010/06/30 07:54:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/30 07:41:46 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Documents and Settings\Owner\Desktop\remover.exe
[2010/06/30 07:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2010/06/30 07:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip
[2010/06/30 07:23:44 | 006,599,984 | ---- | C] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/28 09:54:10 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:32 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/06/27 14:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/27 14:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 14:02:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/24 04:06:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/14 04:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/14 03:50:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2010/05/14 03:50:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2010/05/14 03:48:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq
[2010/05/14 03:48:11 | 000,000,000 | ---D | C] -- C:\Inetpub
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:27:46 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 21:24:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/09 21:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/08 23:01:37 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/07/08 23:01:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/07/08 23:01:23 | 004,830,744 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/07/08 21:53:22 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:29 | 000,040,956 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | M] () -- C:\test.docx
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\mbrdump.dmp
[2010/07/06 21:58:58 | 000,000,512 | ---- | M] () -- C:\Copy of mbrdump.doc
[2010/07/05 17:06:42 | 000,078,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:58:28 | 000,498,903 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:35:49 | 1576,620,032 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/05 16:08:21 | 000,010,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 12:42:31 | 000,609,476 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/05 12:42:30 | 000,127,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/05 12:42:29 | 000,753,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/05 12:39:44 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/05 12:39:36 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/05 12:37:01 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/05 12:30:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 11:38:27 | 000,072,456 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/05 11:35:10 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/05 11:10:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/05 11:01:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/05 11:01:53 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/05 10:08:51 | 000,021,854 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/05 10:05:34 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:48:45 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/05 09:44:22 | 000,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/05 09:44:15 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/05 09:44:15 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/05 09:44:13 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:44:01 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/05 09:40:05 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/05 09:37:37 | 000,027,468 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/05 09:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:05 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 16:00:57 | 000,012,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:23:52 | 006,599,984 | ---- | M] (Giorgio Tani ) -- C:\Documents and Settings\Owner\Desktop\peazip-3.2.WINDOWS.exe
[2010/06/30 07:18:16 | 000,012,175 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:53 | 000,478,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 15:11:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/28 10:33:33 | 000,293,376 | ---- | M] () -- C:\tx7ri023.exe
[2010/06/28 09:54:13 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.scr
[2010/06/27 18:02:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/05/13 22:05:22 | 000,285,691 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\add-remove-checklist-mainer.docx
[2010/05/13 22:05:22 | 000,012,986 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\0905-52-HOUSE RULES.docx
[2010/05/13 21:30:14 | 000,285,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\add-remove-checklist.docx
[2010/05/13 21:30:14 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\20010426-elmhurst-albright.doc
[2010/05/13 21:23:43 | 000,152,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mainer-11-04-06.doc
[2010/05/13 21:23:42 | 000,033,750 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NORTON360-12-13-09MAINER.docx
[2010/05/13 21:22:10 | 000,423,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\08JULY_EVMSslide-Input_EVMS_Trid Program Brief_final_2.ppt
[2010/05/13 21:22:10 | 000,230,478 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\091011alertmanualfixrequired.docx
[2010/05/13 21:22:10 | 000,016,724 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1040se_2008-0.xlsx
[2010/05/13 21:21:06 | 000,013,885 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Am I understanding these correctly.docx
[2010/05/13 21:21:06 | 000,010,445 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Beginning today the internet connection is available in a limited time frame.docx
[2010/05/13 21:20:55 | 000,138,241 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc1.docx
[2010/05/13 21:20:55 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\currentSAR-sep2008_eng_slide_1.ppt
[2010/05/13 21:20:55 | 000,012,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Doc2.docx
[2010/05/13 21:20:46 | 000,009,895 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\EpsonC88.docx
[2010/05/13 21:20:42 | 000,725,882 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\File0262.pdf
[2010/05/13 21:18:24 | 001,527,296 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsSAMPLE1.XLS
[2010/05/13 21:18:24 | 000,856,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PAWFormsBLANK1.xls
[2010/05/13 21:18:19 | 000,119,639 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\SE Surveillance PE&D-APP-C.pptx
[2010/05/13 21:14:32 | 000,010,401 | ---- | M] () -- C:\election10electoralvotesnov4.xlsx
[2010/05/13 21:14:32 | 000,010,372 | ---- | M] () -- C:\election10electoralvotes.xlsx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/08 21:53:22 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/07/07 04:44:02 | 000,040,954 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\mbrdump.docx
[2010/07/07 04:43:28 | 000,040,956 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\File mbrdump.docx
[2010/07/07 04:42:09 | 000,083,467 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100707MBRDMP-TOTAL-VIRUS.pdf
[2010/07/06 22:10:49 | 000,009,905 | ---- | C] () -- C:\test.docx
[2010/07/06 22:07:54 | 000,000,512 | ---- | C] () -- C:\Copy of mbrdump.doc
[2010/07/06 21:58:58 | 000,000,512 | ---- | C] () -- C:\mbrdump.dmp
[2010/07/05 17:06:42 | 000,078,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\writeup.pdf
[2010/07/05 16:57:20 | 000,498,903 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Doc3.docx
[2010/07/05 16:08:20 | 000,010,177 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\v4.docx
[2010/07/05 09:46:32 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/05 09:46:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/05 09:45:56 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/05 09:45:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/05 09:45:52 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/05 09:45:43 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/05 09:45:39 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/05 09:45:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/05 09:44:17 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/05 09:44:13 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/05 09:40:05 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/05 09:39:57 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/05 09:36:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/07/05 09:36:35 | 000,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2010/07/05 09:36:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/07/05 09:36:34 | 000,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2010/07/05 09:36:31 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/07/05 09:36:30 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2010/07/05 09:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/05 09:23:15 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/05 09:22:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/05 09:22:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/05 09:22:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/05 09:22:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/05 09:22:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/05 09:22:42 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/05 05:13:20 | 1576,620,032 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/07/01 15:50:32 | 000,012,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTL.docx
[2010/06/30 07:35:34 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PeaZip.lnk
[2010/06/30 07:18:16 | 000,012,175 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\download_peazip.htm
[2010/06/30 07:17:52 | 000,478,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bootkit_remover.rar
[2010/06/28 10:33:31 | 000,293,376 | ---- | C] () -- C:\tx7ri023.exe
[2010/06/09 21:48:02 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/05/14 03:49:42 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/05/14 03:49:42 | 000,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2010/05/14 03:49:41 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/05/14 03:49:41 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2010/05/14 03:48:47 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/05/14 03:48:47 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/05/14 03:48:46 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/05/14 03:48:46 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/05/14 03:48:46 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/05/14 03:48:46 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/05/14 03:48:46 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/05/14 03:48:46 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/05/14 03:48:45 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/05/14 03:48:45 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/05/14 03:48:45 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/05/14 03:48:45 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/05/14 03:48:45 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/05/14 03:48:45 | 000,020,079 | ---- | C] () -- C:\WINDOWS\System32\http.mib
[2010/05/14 03:48:45 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/05/14 03:48:45 | 000,000,698 | ---- | C] () -- C:\WINDOWS\System32\inetsrv.mib
[2010/05/14 03:48:44 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/05/14 03:48:44 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/05/14 03:48:44 | 000,006,179 | ---- | C] () -- C:\WINDOWS\System32\ftp.mib
[2010/05/14 03:48:44 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/21 14:20:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2008/05/16 17:18:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\pxdl.dll
[2008/05/16 17:18:16 | 000,106,496 | ---- | C] () -- C:\WINDOWS\keyword.dll
[2008/05/16 17:18:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\ufdp.dll
[2008/05/16 17:18:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\FASRV.ini
[2008/05/16 17:18:16 | 000,000,069 | ---- | C] () -- C:\WINDOWS\swbn01.ini
[2008/03/15 11:00:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/15 11:00:34 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSONSC88+.ini
[2008/03/15 10:59:53 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/27 08:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2009/06/17 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2008/12/08 16:34:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/11/28 17:51:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/11/28 18:00:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2009/11/18 14:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/05/18 20:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/10/06 12:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/02/24 22:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/03/26 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/11/15 18:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/21 18:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/12/13 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/06/16 19:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/05/12 04:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/28 17:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2008/03/15 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/03/15 13:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2010/06/30 07:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2008/05/26 14:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PureEdge
[2008/03/15 16:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
[2010/07/09 21:31:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F78F92D3-41BF-49B7-9A16-3A17289FD6A8}.job
[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job

========== Purity Check ==========


< End of report >
last entry. AlRussell
  • 0

#37
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AlRussell,

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/07/09 21:31:00 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job
    [2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job
    
    :Commands
    [purity]
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

Your system is clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system.

Step 3

Here are some recommendations you should follow to minimize infection risk in the future:

1. Your system needs one antivirus program. Choose one that suits your needs best. Here are some FREEWARE recommendations:

Avira AntiVir Personal - Free
AVG Free

2. Your system needs one firewall program. Choose one that suits your needs best. Here are some FREEWARE recommendations:

ZoneAlarm Pro
Ashampoo Firewall

3. Install AntiSpyware. You need to have only one real-time antispyware solution running on your system.


4. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

5. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

6. Make Backups of Important Files

Please read this article Home Computer Data Backup.


7. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0
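As an added example (not the thread's own tooling, and not maliprog's method), here is a Python parser for the OTL entry format quoted in this thread, with constructed triage heuristics that flag the kinds of entries a helper tends to look at first: a tiny DLL with no company name under the Windows directory, a scheduled task named only by a GUID, and a GUID-named folder under Application Data. The sample lines are copied from the log posted above; the heuristics and the 64-byte threshold are assumptions and do not reproduce the helper's judgment (Python 3.8+ for the walrus operator).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL entry shape: [date time | size | attrs | C|M] (company) -- path  (folder lines omit "(company)")
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
HEX = "[0-9A-Fa-f]"
GUID = "[-_]".join([HEX + "{8}", HEX + "{4}", HEX + "{4}", HEX + "{4}", HEX + "{12}"])
GUID_TASK = re.compile(r"\\tasks\\" + GUID + r"\.job$", re.IGNORECASE)
GUID_APPDATA_DIR = re.compile(r"\\Application Data\\\{" + GUID + r"\}$", re.IGNORECASE)

@dataclass
class Entry:
    timestamp: str
    size: int
    company: Optional[str]   # None when OTL printed an empty "()" or no company at all
    path: str
    is_dir: bool

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; section headers, blanks and '< End of report >' give None."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["company"] or None,
                 m["path"], "D" in m["attrs"])

def suspicious_reasons(e: Entry) -> List[str]:
    """Constructed triage heuristics (assumptions, not OTL's or the helper's logic)."""
    reasons, low = [], e.path.lower()
    if (not e.is_dir and low.endswith(".dll") and "\\windows\\" in low
            and not e.company and e.size < 64):
        reasons.append("tiny DLL with no company name under the Windows directory")
    if GUID_TASK.search(e.path):
        reasons.append("scheduled task named only by a GUID")
    if e.is_dir and GUID_APPDATA_DIR.search(e.path):
        reasons.append("GUID-named folder under Application Data")
    return reasons

def triage(log_lines: List[str]) -> List[Tuple[str, List[str]]]:
    # Paths worth a closer look, each with the reasons that fired
    entries = filter(None, map(parse_entry, log_lines))
    return [(e.path, r) for e in entries if (r := suspicious_reasons(e))]

# Sample lines copied from the OTL log quoted in this thread (a constructed subset).
SAMPLE_LOG = [
    r"[2008/05/18 11:00:09 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll",
    r"[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll",
    r"[2010/06/09 21:48:02 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9.job",
    r"[2009/06/17 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ",
    r"[2008/10/06 21:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}",
    r"[2010/07/09 21:33:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC0B4E35-80B8-4FBD-A66D-26C488BF0099}.job",
]
```

Flagged entries are candidates for a closer look (hash lookup, signature check), not a verdict; the legitimate OGACheckControl.dll and the descriptively named User_Feed_Synchronization task pass through unflagged.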

#38
AlRussell

AlRussell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Ok. :)
Thank you for your help--all appears restored and operating.

Advice well noted--should I expect better antivirus and firewall protection performance from the apps you suggest than in keeping Symantec's NIS 360?

AlRussell


ps. btw, when do you complete "training"? ar
  • 0

#39
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi AlRussell,

I think you should keep your current antivirus software.

I'll be in training until my teachers decide I'm ready to move on and offer help by myself :)
  • 0

#40
AlRussell

AlRussell

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Okay then--thank you very much; best wishes in your training time.
  • 0



#41
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
