Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

pw.exe (Trojan.FakeAlert)

Started by Putt4Dough , Nov 12 2010 11:01 AM

  • Please log in to reply

#1
Putt4Dough
Posted 12 November 2010 - 11:01 AM

Putt4Dough

    Member

  • Member
  • PipPipPip
  • 120 posts
Hello,

Got a virus or malware from browsing and cleaned it with Malwarebytes but now I get all types of error messages when I open apps on my PC like if the paths are all screwed up. Is there a fix for this?

Regards
Mike

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5100

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/11/2010 11:26:13 AM
mbam-log-2010-11-12 (11-26-13).txt

Scan type: Quick scan
Objects scanned: 169025
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\mberube\Local Settings\Application Data\pw.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\mberube\Local Settings\Application Data\pw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


OTL logfile created on: 12/11/2010 11:54:14 AM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\mberube\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

999.00 Mb Total Physical Memory | 521.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 190.20 Gb Free Space | 81.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 223.12 Gb Total Space | 200.36 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 223.12 Gb Total Space | 200.36 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive H: | 223.12 Gb Total Space | 200.36 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive I: | 265.59 Gb Total Space | 177.95 Gb Free Space | 67.00% Space Free | Partition Type: NTFS
Drive J: | 1394.10 Gb Total Space | 829.52 Gb Free Space | 59.50% Space Free | Partition Type: NTFS
Drive K: | 223.12 Gb Total Space | 200.36 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Drive N: | 521.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 197.19 Gb Total Space | 101.53 Gb Free Space | 51.49% Space Free | Partition Type: NTFS
Drive W: | 3.73 Gb Total Space | 0.31 Gb Free Space | 8.42% Space Free | Partition Type: FAT32
Drive X: | 197.19 Gb Total Space | 101.53 Gb Free Space | 51.49% Space Free | Partition Type: NTFS

Computer Name: CONSOLE_LOCAL
Current User Name: mberube
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/24 08:36:58 | 006,811,944 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/09/24 08:36:58 | 001,960,744 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/09/10 12:44:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mberube\Desktop\OTL.exe
PRC - [2009/11/23 12:42:00 | 000,761,856 | ---- | M] () -- C:\Logosoft\TransFlow\TransFlowService.exe
PRC - [2008/12/19 11:59:24 | 000,092,160 | ---- | M] (Entrust®) -- C:\WINDOWS\system32\eelogsvc.exe
PRC - [2008/12/19 11:48:34 | 000,086,016 | ---- | M] (Entrust®) -- C:\WINDOWS\system32\eelssrv.exe
PRC - [2008/12/02 21:13:14 | 000,542,136 | ---- | M] (Druide informatique inc.) -- C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
PRC - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 13:12:56 | 000,238,896 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2007/07/10 11:26:28 | 000,601,600 | ---- | M] () -- C:\WINDOWS\system32\BTLTService.exe
PRC - [2007/05/31 12:18:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/20 16:50:56 | 000,407,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/02/05 06:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2004/04/06 18:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\incdsrv.exe
PRC - [2002/09/19 15:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 12:44:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mberube\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/24 08:36:58 | 001,960,744 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/23 12:42:00 | 000,761,856 | ---- | M] () [Auto | Running] -- C:\Logosoft\TransFlow\TransFlowService.exe -- (TransFlowServiceStart)
SRV - [2009/04/21 07:16:58 | 000,380,928 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/04/21 07:16:58 | 000,192,512 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/18 13:50:15 | 000,208,896 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008/12/19 11:59:24 | 000,092,160 | ---- | M] (Entrust®) [Auto | Running] -- C:\WINDOWS\System32\eelogsvc.exe -- (eelogsvc)
SRV - [2008/12/19 11:48:34 | 000,086,016 | ---- | M] (Entrust®) [Auto | Running] -- C:\WINDOWS\system32\eelssrv.exe -- (EELSService)
SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/09/19 00:00:00 | 000,016,680 | ---- | M] (Sage Software) [Auto | Stopped] -- C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/11/01 13:12:56 | 000,238,896 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2007/07/10 11:26:28 | 000,601,600 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\BTLTService.exe -- (LTWebScheduler)
SRV - [2007/04/20 16:50:56 | 000,407,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/02/05 06:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2004/04/06 18:35:10 | 000,929,904 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)
SRV - [2002/09/19 15:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002/09/19 15:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002/09/19 15:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mberube\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/02 13:39:20 | 000,055,400 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cpqdtct.sys -- (CpqDtct)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/25 09:54:55 | 000,395,744 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/03/25 09:54:55 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/03/25 09:54:48 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/10/18 20:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/08/06 21:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2006/08/14 08:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/08/14 03:00:24 | 001,109,568 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/07/17 20:51:40 | 000,041,600 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/06/12 15:36:30 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2006/05/02 04:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 05:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 06:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/06 18:40:10 | 000,025,600 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/04/06 18:39:20 | 000,089,472 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/12/05 04:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.meteomedi...eather/caon0512
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/11/01 07:24:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageServer\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\666.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (Druide informatique inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\mberube\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: clublink.ca ([fr] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: logitermweb ([]http in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1178639507921 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...ctDetection.cab (GMNRev Class)
O16 - DPF: {7B19E477-0FF8-11d4-9914-005004D3B3DB} http://java.sun.com/...122_017-win.cab (JavaPlugin.Object)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://fortinet.web...nbr/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/...on.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.20 206.191.0.140 206.191.0.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.societe-gamma.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mberube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mberube\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/08 10:32:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 14:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Application Data\Download Manager
[2010/11/05 08:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Desktop\New Folder (2)
[2010/11/05 07:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Desktop\WhoLockMe200
[2010/11/02 14:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Desktop\New Folder
[2010/11/02 13:39:20 | 000,055,400 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\drivers\Cpqdtct.sys
[2010/11/01 08:31:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/01 07:13:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/01 07:09:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/01 07:09:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/01 07:09:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/01 07:09:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/01 07:08:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/29 10:54:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/10/29 10:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Desktop\virus
[2010/10/27 12:32:10 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 12:32:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 12:32:10 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 09:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/27 09:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/15 12:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mberube\Local Settings\Application Data\CorFloues41
[2010/10/14 12:50:12 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 12:50:11 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 12:50:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll

========== Files - Modified Within 30 Days ==========

[2010/11/12 11:55:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 11:51:53 | 003,908,474 | R--- | M] () -- C:\Documents and Settings\mberube\Desktop\ComboFix.exe
[2010/11/12 11:50:19 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\Microsoft Office Word 2003.lnk
[2010/11/12 11:50:08 | 000,000,161 | ---- | M] () -- C:\WINDOWS\Antidote.ini
[2010/11/12 11:33:00 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 11:32:35 | 000,581,014 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/11/12 11:32:35 | 000,484,086 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 11:32:35 | 000,085,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 11:31:31 | 000,000,167 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/11/12 11:31:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/12 11:31:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 11:28:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/11/12 11:28:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 11:27:48 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\mberube\NTUSER.DAT
[2010/11/12 11:27:35 | 000,000,368 | -HS- | M] () -- C:\Documents and Settings\mberube\ntuser.ini
[2010/11/12 11:19:13 | 000,012,048 | -HS- | M] () -- C:\Documents and Settings\mberube\Local Settings\Application Data\opRSK
[2010/11/12 10:59:47 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\mberube\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 10:26:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/11/12 08:49:19 | 000,001,908 | -H-- | M] () -- C:\Documents and Settings\mberube\My Documents\Default.rdp
[2010/11/12 04:32:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\gendicos.job
[2010/11/11 18:46:21 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\AlignRobot.job
[2010/11/08 14:10:52 | 000,014,682 | ---- | M] () -- C:\titleistBp2.jpg
[2010/11/08 14:10:46 | 000,035,991 | ---- | M] () -- C:\titleistBp.jpg
[2010/11/08 08:00:50 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\Societe Gamma.lnk
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 08:25:51 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\NTHANDLE.SYS
[2010/11/05 08:00:11 | 000,021,552 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\WhoLockMe104.zip
[2010/11/05 07:26:32 | 000,022,572 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\WhoLockMe200.zip
[2010/11/04 11:06:29 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\Shortcut to AlignRobot.exe.lnk
[2010/11/04 10:48:42 | 000,307,765 | ---- | M] () -- C:\WINDOWS\unins003.dat
[2010/11/04 10:48:42 | 000,000,502 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AlignRobot.lnk
[2010/11/04 10:47:59 | 000,707,591 | ---- | M] () -- C:\WINDOWS\unins003.exe
[2010/11/03 07:26:50 | 000,064,935 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\diskman.JPG
[2010/11/02 13:39:20 | 000,055,400 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\drivers\Cpqdtct.sys
[2010/11/01 12:40:00 | 000,009,386 | ---- | M] () -- C:\Documents and Settings\mberube\Desktop\40-74720-D_20101101T091830.470.htm
[2010/11/01 07:25:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/11/01 07:24:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/01 07:13:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/01 03:55:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/26 09:51:26 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010/10/20 12:13:49 | 000,197,118 | ---- | M] () -- C:\Documents and Settings\mberube\My Documents\erreur.bmp
[2010/10/20 12:08:01 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\mberube\My Documents\LtransDocx.doc
[2010/10/15 06:42:25 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 02:04:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/12 11:17:31 | 000,012,048 | -HS- | C] () -- C:\Documents and Settings\mberube\Local Settings\Application Data\opRSK
[2010/11/08 14:17:05 | 000,014,682 | ---- | C] () -- C:\titleistBp2.jpg
[2010/11/08 14:16:47 | 000,035,991 | ---- | C] () -- C:\titleistBp.jpg
[2010/11/05 08:00:10 | 000,021,552 | ---- | C] () -- C:\Documents and Settings\mberube\Desktop\WhoLockMe104.zip
[2010/11/05 07:30:25 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\NTHANDLE.SYS
[2010/11/05 07:26:32 | 000,022,572 | ---- | C] () -- C:\Documents and Settings\mberube\Desktop\WhoLockMe200.zip
[2010/11/04 10:48:42 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AlignRobot.lnk
[2010/11/03 07:26:50 | 000,064,935 | ---- | C] () -- C:\Documents and Settings\mberube\Desktop\diskman.JPG
[2010/11/02 07:31:11 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\mberube\Desktop\Shortcut to AlignRobot.exe.lnk
[2010/11/01 12:40:00 | 000,009,386 | ---- | C] () -- C:\Documents and Settings\mberube\Desktop\40-74720-D_20101101T091830.470.htm
[2010/11/01 07:13:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/01 07:13:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/01 07:09:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/01 07:09:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/01 07:09:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/01 07:09:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/01 07:09:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/01 07:08:35 | 003,908,474 | R--- | C] () -- C:\Documents and Settings\mberube\Desktop\ComboFix.exe
[2010/10/27 12:23:31 | 000,249,761 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\washer.jpg
[2010/10/27 12:23:31 | 000,188,941 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\dryer2.jpg
[2010/10/27 12:23:31 | 000,188,368 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\dryer1.jpg
[2010/10/27 12:23:31 | 000,013,933 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\viewsonic-crt.jpg
[2010/10/27 09:05:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/20 12:13:49 | 000,197,118 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\erreur.bmp
[2010/10/20 12:08:01 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\mberube\My Documents\LtransDocx.doc
[2010/10/13 23:50:07 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/13 23:50:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 12:40:29 | 000,001,302 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2010/09/07 06:42:13 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2010/07/21 08:25:29 | 000,000,018 | ---- | C] () -- C:\WINDOWS\pr1.INI
[2010/05/10 10:09:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2010/05/10 10:08:54 | 000,009,391 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2010/05/10 10:07:35 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2010/05/10 10:07:35 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2010/03/31 10:02:31 | 000,001,643 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010/02/04 08:32:14 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\entwrd32.dll
[2010/02/04 08:32:14 | 000,002,763 | ---- | C] () -- C:\WINDOWS\Entrust.ini
[2010/02/03 11:41:57 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[2010/01/21 10:38:30 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/01/21 10:38:30 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/01/21 10:38:09 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/01/21 10:38:07 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/01/21 10:38:05 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/15 13:47:12 | 000,018,400 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/07/03 14:01:56 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Antidote.ini
[2009/06/15 07:47:45 | 000,000,056 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/06/15 07:47:14 | 000,000,345 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/02/25 09:29:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\mberube\Local Settings\Application Data\PUTTY.RND
[2008/05/28 12:31:54 | 000,001,404 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/06 06:18:38 | 000,012,768 | ---- | C] () -- C:\WINDOWS\UN060501.INI
[2007/11/22 13:30:35 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2007/10/25 08:14:14 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/10/25 08:14:14 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/09/12 10:41:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/08/23 09:13:18 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/23 09:13:17 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\mberube\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 15:04:14 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/08/22 15:04:14 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/20 07:36:49 | 000,000,767 | ---- | C] () -- C:\WINDOWS\btltsrv.ini
[2007/06/04 09:36:58 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/05/30 15:24:08 | 000,000,167 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/05/30 15:23:43 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\mberube\Application Data\PFP100JPR.{PB
[2007/05/30 15:23:43 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\mberube\Application Data\PFP100JCM.{PB
[2007/05/30 15:16:52 | 000,001,041 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/30 15:16:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/05/30 15:16:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/05/30 14:54:33 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2007/05/08 10:43:10 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2007/05/08 10:43:09 | 000,459,664 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/08 10:37:52 | 000,021,636 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/05/08 10:37:43 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/05/08 10:37:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/16 16:00:00 | 000,003,403 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/21 14:45:40 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll
[2004/11/16 19:22:43 | 000,020,480 | ---- | C] () -- C:\WINDOWS\Base64.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/07/10 23:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP