Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fake Codec Alert in Web Browser


  • Please log in to reply

#1
savinbb037

savinbb037

    New Member

  • Member
  • Pip
  • 2 posts
Hello. I posted here about a year or so ago on a different account and received some fantastic help on a computer related issue, and was hoping someone here may be able to give me some further assistance also.

My problem began this morning. I'm staying with my parents until I leave for college and my dad called me downstairs to show me a pop-up he got from AVG while viewing an image through Bing.com. I closed the window, went through ran CCleaner and did a search for all files created today (looked good), CTRL+ALT+DEL (same number of processes usually running), and everything seemed okay. So he showed me exactly what he went to, and going back I found the problem.

One of the images he clicked led to a page with a fake YouTube page embedded in it, and AVG came up with this exact warning.

The page you are trying to access has been identified as a known exploit, phishing, or social engineering web site and therefore has been blocked for your safety. Without protection, such as that in the AVG Security Toolbar and AVG, your computer is at risk of being compromised, corrupted or having your identity stolen. Please follow one of the suggestions below to continue.

URL: (I'm censoring it for here, but if needed I still have it)
Name: Fake Codec (type 1121)


So I went through, Googled it a bit and found this was an emerging problem. Okay. I decide to go back and have another look at the files created today again, and very oddly there were a whole bunch of wbk###.tmp files created and some Internet Explorer Temp files created just seconds before I began running the scan. I never used either Outlook Express (which Google tells me the wbk files came from) or Internet Explorer during the period. It seemed just too suspicious, so I took one step further and checked the event log, and found this.

Event ID: 4226
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


Around the exact same time this was going on.

Now, as of typing this I've seen no real indications pop-up wise or slow down that would raise my alarm. AVG said the page was blocked, but the creation of those files proceeding visiting the site prompted my attention. As for the event log entry, again I found it suspicious, but the previous day it also came up as well, and I believe it may have been called by my laptop not getting a good WiFi signal and repeatedly reconnecting. Having looked up the error previously, I did a "netstat -no" in Command Prompt, and saw nothing arising my suspicion in the log it provided. What I am more concerned about is if a potential Trojan may have somehow gotten into my computer even though AVG blocked the site, because from some reports I've read that the program this exploit detects is nigh undetectable.

Following this I'm going to run Kaspersky Online Scanner and see if that catches anything, but hopefully someone can check my logs and see if anything suspicious may be going on.

ALSO: The "extras.txt" file was not created, even after running OTL twice. I remember on my other computer I had the same problem for some reason.

EDIT: As of tonight I ran Kaspersky (0 results), and browsing has been pretty much okay, but I've been seeing these really strange event log entries. It keeps saying Application Pop-up, but I've seen none at all. About 7 in a row 5 hours ago, and 2 in a row just recently. Checking any files modified around the same times, it leads me back to Java.exe and other Java executables.

Event ID:26
Application popup: : \SystemRoot\System32\vga.dll cannot find win32k.sys


MALWARE BYTES LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4449

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/19/2010 12:17:03 PM
mbam-log-2010-08-19 (12-17-03).txt

Scan type: Quick scan
Objects scanned: 137492
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER ROOTKIT SCAN

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 13:55:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\uwloapog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7AF8F80]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat F191AD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C5500 [email protected] 2318203

---- EOF - GMER 1.0.15 ----

OTL

OTL logfile created on: 8/19/2010 2:00:25 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vincent Franks\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 246.00 Mb Available Physical Memory | 48.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.70 Gb Total Space | 9.54 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9P0X361
Current User Name: Vincent Franks
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/19 13:59:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Franks\Desktop\OTL.exe
PRC - [2010/07/27 07:21:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 10:03:16 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 10:03:08 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 10:03:07 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 10:02:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 10:00:54 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 10:00:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\SYSTEM32\java.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/06/30 15:33:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/08/19 13:59:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Franks\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/27 07:21:05 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 10:02:56 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINIO.sys -- (WINIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 10:03:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 10:00:55 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 09:18:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/12/12 18:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\purendis.sys -- (purendis)
DRV - [2008/12/12 18:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pnarp.sys -- (pnarp)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/29 17:50:00 | 002,826,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/05/07 14:47:10 | 000,079,616 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (WUSB54GV4SRV)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2003/11/17 17:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 17:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 17:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/09/25 23:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/28 18:44:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/27 07:26:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 14:12:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/30 10:50:36 | 000,000,000 | ---D | M]

[2008/06/18 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Extensions
[2010/08/18 21:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\extensions
[2010/03/09 16:45:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/17 22:56:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/22 21:52:41 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\searchplugins\imdb.xml
[2008/06/22 21:52:41 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\searchplugins\wikipedia-en.xml
[2008/06/23 21:49:32 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\searchplugins\wikipedia-eng.xml
[2008/04/10 15:38:53 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Mozilla\Firefox\Profiles\6l6ghbxt.default\searchplugins\youtube-video-search.xml
[2010/08/18 21:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/30 10:50:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/28 20:11:13 | 000,419,583 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14484 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.255.0.130 207.255.0.131
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Firefox Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{882f3cc3-b28c-11de-81d4-0011117035d5}\Shell - "" = AutoRun
O33 - MountPoints2\{882f3cc3-b28c-11de-81d4-0011117035d5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{882f3cc3-b28c-11de-81d4-0011117035d5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/19 13:59:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent Franks\Desktop\OTL.exe
[2010/08/19 12:05:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/19 12:05:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/19 12:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 12:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/19 11:37:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincent Franks\Recent
[2010/07/15 10:03:07 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/08/19 13:59:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Franks\Desktop\OTL.exe
[2010/08/19 12:42:26 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\ntuser.dat
[2010/08/19 12:06:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Local Settings\Application Data\prvlcl.dat
[2010/08/19 12:05:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 11:57:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Ÿ9Ÿ9
[2010/08/19 11:54:44 | 000,017,145 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/19 11:54:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 11:54:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/08/19 11:54:34 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 11:53:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Vincent Franks\NTUSER.INI
[2010/08/19 08:07:36 | 063,602,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/15 14:28:49 | 000,010,899 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\My Documents\Italian Club to get money.docx
[2010/08/13 07:52:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/12 07:18:24 | 000,229,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 23:38:26 | 000,503,304 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 23:38:26 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/08/11 23:38:26 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/08/01 08:07:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/07/28 20:11:13 | 000,419,583 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/07/15 10:03:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 10:03:07 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 10:00:55 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/06/28 08:48:16 | 000,011,062 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\My Documents\Jury Duty Letter 6-28-2010.docx
[2010/06/23 07:56:51 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/06/15 22:23:30 | 000,408,371 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100728-201112.backup
[2010/06/03 09:18:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/30 22:04:31 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/27 10:16:35 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\My Documents\AlarmSystem Questions.doc
[2010/05/26 15:51:30 | 000,157,558 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Desktop\AlarmSystem.docx

========== Files Created - No Company Name ==========

[2010/08/19 12:05:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 14:28:48 | 000,010,899 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\My Documents\Italian Club to get money.docx
[2010/06/28 08:48:16 | 000,011,062 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\My Documents\Jury Duty Letter 6-28-2010.docx
[2010/05/27 10:16:34 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\My Documents\AlarmSystem Questions.doc
[2010/05/26 15:51:29 | 000,157,558 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\Desktop\AlarmSystem.docx
[2009/11/20 23:32:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\Local Settings\Application Data\prvlcl.dat
[2009/01/28 18:35:13 | 000,001,165 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/11 22:42:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2008/12/11 17:40:03 | 000,000,438 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/08/15 18:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/08/15 18:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/18 11:46:01 | 000,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/02/19 19:07:49 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/04/12 15:17:49 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/24 13:19:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/11/21 13:55:30 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\Application Data\PFP120JPR.{PB
[2004/11/21 13:55:30 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Vincent Franks\Application Data\PFP120JCM.{PB
[2004/11/21 13:05:15 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2004/11/21 13:05:05 | 000,001,628 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2004/11/17 11:29:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/17 11:27:11 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/17 11:00:14 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/11/13 23:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/07/02 14:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/06/02 19:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2004/11/17 11:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/10 21:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/02 18:59:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2009/12/20 12:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\AVG9
[2009/07/02 13:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\GARMIN
[2009/04/25 11:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\Leadertech
[2008/05/27 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincent Franks\Application Data\SystemRequirementsLab

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/10 21:37:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/10 14:08:28 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/09/27 08:28:38 | 000,009,278 | ---- | M] () -- C:\ComboFix.txt
[2004/08/10 15:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/11/17 11:03:30 | 000,004,142 | RH-- | M] () -- C:\DELL.SDR
[2005/07/05 00:04:05 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2010/08/19 11:54:34 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2004/08/10 15:14:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/02/19 19:11:19 | 000,001,497 | -H-- | M] () -- C:\IPH.PH
[2004/08/10 15:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/31 09:20:54 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/08/19 11:54:32 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/09/25 17:26:06 | 000,000,016 | ---- | M] () -- C:\RootRepeal report 09-25-09 (17-26-06).txt
[2009/09/25 17:33:13 | 000,002,056 | ---- | M] () -- C:\RootRepeal report 09-25-09 (17-33-13).txt
[2009/08/02 16:48:02 | 000,000,000 | ---- | M] () -- C:\rundll32.txt
[2004/11/17 11:19:41 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 15:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\DESKTOP.INI

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2008/06/06 21:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\hpzpp692.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\msonpppr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/12/28 13:12:43 | 000,001,538 | -H-- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 14:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 14:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 14:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/07/31 09:31:38 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\DESKTOP.INI

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2010/01/30 02:20:13 | 000,019,968 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\Thumbs.db

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/31 09:53:42 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI
[2004/08/10 15:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Vincent Franks\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/08/19 13:59:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Franks\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-12 03:42:38
< End of report >

Edited by savinbb037, 19 August 2010 - 10:31 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP