Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rogue Antivirus Program Downloaded? Showed "Crawler" when View

Started by migarto , Nov 15 2010 08:32 AM

  • Please log in to reply

#1
migarto
Posted 15 November 2010 - 08:32 AM

migarto

    New Member

  • Member
  • Pip
  • 1 posts
My laptop is almost exactly four years old and I've never had a problem with it before. I mostly use it for work (Microsoft Office documents) and the internet (try to avoid what I think are harmful sites and I don't generally download movies or things like that although I did have emule on my system for a while).

A few months ago it seemed like my system was running slower and slower, but I couldn't pinpoint anything. The anti-virus programs I was using were NOD 32, Avast and Spybot, which never detected anything suspicious. I always ran Windows updates but rarely restarted my system except when I needed to run an update. I then stated having a lot of problems with Adobe Flash Player crashing (and then I couldn't download it in Firefox) and I had a hard time viewing my Google calendar in Firefox. I used Firefox exclusively except for 1-2 websites which didn't seem to function properly, in which case I used IE8.

A little knowledge is dangerous, as they say, and about 10 days ago I not only downloaded what I believe was a valid program (CCleaner) but also something that was a rogue anti-virus. Unfortunately, I can't remember the name of the program but I know I downloaded it through Filehippo. I started to get suspicious (wish I had been more suspicious at the beginning!) when I noticed Google seemed different. I got a page that looked like Google but said something like "Crawler" in the banner. I had to leave for the weekend and so shut down my computer and took it with me. I didn't have internet that weekend and decided, well, I think there's something that isn't right with that program I just downloaded, so I uninstalled it. No problem. The next day, however, when I started up the computer and connected to the internet, I was looking at my Google calendar when all of a sudden the system froze and I got the blue screen of death. I tried repeatedly to reboot but was never able to get the system to respond, in any mode (safe or otherwise).

I finally did a complete system recovery using my original operating system disc. In the meantime, I shut off NOD 32 and Spybot, and left Avast as the only anti-virus program. The full system scan refused, and still refuses, to finish. The system hangs up on a file with the name of D:\i386\Apps\App01607\pfiles\msworks\lunchtour.exe, either forcing a reboot or just freezing and forcing me to shut down manually. I tried uninstalling MS Works but that didn't seem to help. I guess I should also add that when I've scanned the C: drive by itself, it comes back clean, so I can narrow down the problem to the D: drive, which is considered the recovery drive on my system.

In addition, I've tried running a full-system scan using the Avira Rescue CD, and the same thing happens. Finally, I tried to run a Malwarebytes full scan with similar results. Quick scans in Avast and Malwarebytes come back clean, as did the scan with Windows Defender. I have only been running one of those programs at a time.

I ran CHKDSK and it came back stating that Windows found problems with the file system and to run CHKDSK /F to correct these. I couldn't get that option to run, even on restart. I tried CHKDSK /R a few times but it gets to some point on my D: drive, stops, and then restarts the system, without giving me a chance to get a good look at the blue screen. I believe it says something about a memory dump.

I also have to add that I already ran all of the Windows Updates in the last few days. I only just read that I probably shouldn't have done that. I can roll back the system again if I need to since at this point there aren't really any files.

I had 99% of my files on an external hard drive which I virus checked and it is coming back clean, but I don't know if I should trust that.

I am actually using my computer now and if I didn't know all this other background stuff, I would think it was fine. That is, I don't notice any OBVIOUS problems now, except for the full anti-virus not running.

Finally, in what may or may not be a related problem, I have no system sound. When I go to the hardware wizard it tells me that it can't update because there may have been a problem with the hardware I installed. In reality, I never installed any sound hardware on this computer, just a microphone to use with Skype.

Thank you for your help. I know you're all volunteers. I am trying to learn as much as I can on my own but you can see where that got me!

Hope you can give me some suggestions as to what is going on.

Thanks,
migarto

OTL logfile created on: 11/15/2010 3:17:46 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 125.74 Gb Free Space | 88.42% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.43 Gb Free Space | 50.18% Space Free | Partition Type: FAT32

Computer Name: COMPIUTA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/13 00:07:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2010/11/11 01:15:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/11/11 01:02:31 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2010/11/11 01:02:31 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2010/11/11 01:02:31 | 000,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/10/27 07:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 07:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2004/11/05 16:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2002/12/17 11:40:22 | 000,049,152 | R--- | M] () -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
PRC - [2002/12/02 20:56:10 | 000,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe


========== Modules (SafeList) ==========

MOD - [2010/11/13 00:07:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 16:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 01:15:22 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/09/05 21:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2003/03/11 10:04:36 | 000,266,240 | ---- | M] (HP) [Auto | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Temp\hpdj.exe -- (hpdj)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Owner\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Owner\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 21:25:30 | 001,246,456 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/06 14:59:42 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
DRV - [2006/01/23 01:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/11/11 02:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/11 02:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/11/05 16:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/08 02:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/10 20:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 20:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 20:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 20:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 20:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 20:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 20:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 20:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 20:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 20:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 20:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 20:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 20:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 20:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 20:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2003/01/10 22:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=MX6956

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX6956
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.thebreast...faces?siteId=2"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/10 22:55:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/12 10:22:15 | 000,000,000 | ---D | M]

[2010/11/10 22:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/11/14 23:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9dedjag3.default\extensions
[2010/11/14 23:37:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9dedjag3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/10 22:51:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1289549101328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 10:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 12:39:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/13 00:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/11/13 00:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/11/12 23:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/11/12 18:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/11/12 18:16:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Dropbox
[2010/11/12 18:08:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\English Result Elementary
[2010/11/12 18:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New English File Elementary
[2010/11/12 17:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/12 17:01:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 17:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/12 17:01:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 17:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 16:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010/11/12 16:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AOL Saved PFC
[2010/11/12 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/11/12 11:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/11/12 10:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/11/12 10:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AOL
[2010/11/12 10:32:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2010/11/12 10:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/11/12 10:18:45 | 001,900,544 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2010/11/12 10:18:45 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
[2010/11/12 10:18:45 | 000,204,800 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2010/11/12 09:50:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/12 09:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/12 09:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/12 09:50:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/12 09:46:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/11/12 09:42:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/12 09:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/11/11 23:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/11/11 23:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/11/11 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/11/11 23:16:21 | 000,000,000 | ---D | C] -- C:\2fb7b04eb74d424a69f2329c00a1f607
[2010/11/11 23:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/11/11 13:20:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/11/11 13:18:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/11/11 13:16:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/11 13:16:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/11/11 13:15:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/11 13:15:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/11/11 11:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/11/11 11:20:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/11/11 01:23:21 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2010/11/11 01:23:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Application Data
[2010/11/11 01:23:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Favorites
[2010/11/11 01:23:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Cookies
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\You've Got Pictures Screensaver
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop
[2010/11/11 01:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2010/11/11 01:23:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\SendTo
[2010/11/11 01:23:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/11/11 01:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu
[2010/11/11 01:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2010/11/11 01:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2010/11/11 01:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents
[2010/11/11 01:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Templates
[2010/11/11 01:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\PrintHood
[2010/11/11 01:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\NetHood
[2010/11/11 01:23:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Local Settings
[2010/11/11 01:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\WINDOWS
[2010/11/11 01:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2010/11/11 01:15:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/11 01:14:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/11 01:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/11/11 01:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2010/11/11 01:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010/11/11 01:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/11/11 01:12:13 | 000,000,000 | ---D | C] -- C:\My Music
[2010/11/11 01:12:07 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/11 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/11/11 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/11/11 01:11:56 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2010/11/11 01:11:56 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/11/11 01:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/11/11 01:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/11 01:11:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/11/11 01:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/11/11 01:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/11/11 01:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/11/11 01:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/11/11 01:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/11/11 01:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/11/11 01:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Napster
[2010/11/11 01:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/11/11 01:09:53 | 000,000,000 | ---D | C] -- C:\ses2_client_bin_2_8_13g
[2010/11/11 01:09:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
[2010/11/11 01:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/11 01:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/11/11 01:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/11 01:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\wt
[2010/11/11 01:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent
[2010/11/11 01:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2010/11/11 01:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/11 01:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/11 01:06:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/11/11 01:05:59 | 000,185,824 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2010/11/11 01:05:59 | 000,114,688 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2010/11/11 01:05:59 | 000,090,202 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2010/11/11 01:05:59 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2010/11/11 01:05:59 | 000,077,917 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2010/11/11 01:05:59 | 000,069,722 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2010/11/11 01:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/11/11 01:05:49 | 000,013,352 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2010/11/11 01:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/11/11 01:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/11/11 01:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/11/11 01:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/11/11 01:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/11/11 01:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/11 01:04:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/11/11 01:03:57 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/11/11 01:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/11/11 01:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/11/11 01:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/11/11 00:58:23 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2010/11/11 00:54:29 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/11/11 00:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2010/11/11 00:52:23 | 000,244,480 | ---- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2010/11/11 00:52:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2010/11/11 00:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2010/11/10 23:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/11/10 23:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/10 22:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/10 22:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2010/11/10 22:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2010/11/10 22:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
[2010/11/10 22:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/10 22:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/11/10 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/10 22:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2010/11/10 22:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/10 22:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/11/10 22:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer
[2010/11/10 22:53:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2010/11/10 22:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2010/11/10 22:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/11/10 22:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/11/10 18:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2010/11/10 18:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/11/10 18:41:02 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/11/10 18:41:02 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/11/10 18:41:02 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/11/10 18:41:02 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/11/10 18:41:01 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/11/10 18:41:01 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/11/10 18:41:01 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/11/10 18:40:54 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/11/10 18:40:53 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/11/10 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/11/10 18:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/10 18:09:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 15:17:18 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\geeks post.doc
[2010/11/15 14:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 14:41:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/15 13:06:17 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/15 13:03:26 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 13:03:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 13:03:12 | 000,138,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/14 23:34:47 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/13 00:53:56 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
[2010/11/13 00:42:20 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/12 23:57:12 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/11/12 18:53:29 | 000,164,761 | ---- | M] () -- C:\WINDOWS\hpdj3600.his
[2010/11/12 18:53:29 | 000,010,024 | ---- | M] () -- C:\WINDOWS\hpdj3600.ini
[2010/11/12 18:52:39 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/11/12 18:51:11 | 000,001,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3600 printer assistant.lnk
[2010/11/12 18:50:14 | 000,157,628 | ---- | M] () -- C:\WINDOWS\hpdj3600.hi1
[2010/11/12 18:50:14 | 000,009,153 | ---- | M] () -- C:\WINDOWS\hpdj3600.bu1
[2010/11/12 18:16:05 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/12 18:16:03 | 000,000,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/11/12 17:01:11 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 16:39:17 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/11/12 11:39:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/11/12 11:38:28 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/12 11:09:42 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 11:09:42 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 10:32:11 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/12 10:32:10 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/11/12 10:15:45 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/11/12 09:46:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 09:01:20 | 000,024,439 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How-to-update-your-computer-with-the-JPEG-processing.docx
[2010/11/11 13:19:03 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/11 01:23:25 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/11 01:23:11 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/11/11 01:23:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2010/11/11 01:23:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2010/11/11 01:17:19 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/11 01:15:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Gateway_MX6956_Rev.1_T3A6941002183.MRK
[2010/11/11 01:15:16 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/11/11 01:12:49 | 000,000,851 | ---- | M] () -- C:\RebootLog.ini
[2010/11/11 01:12:46 | 000,001,210 | -H-- | M] () -- C:\IPH.PH
[2010/11/11 01:12:07 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/11 01:11:20 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/11/11 01:09:41 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2010/11/11 01:08:57 | 000,002,076 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2010/11/11 01:08:57 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2010/11/11 01:08:54 | 000,002,104 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2010/11/11 01:06:46 | 000,000,580 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/11/11 01:06:04 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/11 01:05:46 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2010/11/11 01:03:36 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2010/11/11 01:02:38 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/11/11 00:58:24 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2010/11/11 00:56:19 | 000,000,002 | RHS- | M] () -- C:\USER
[2010/11/11 00:53:15 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/11/10 23:00:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 22:55:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/10 22:52:02 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/10 22:52:02 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/10 18:42:48 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/10 18:41:02 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/10 18:41:01 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/10 18:40:26 | 051,515,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 15:17:17 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\geeks post.doc
[2010/11/13 00:53:56 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to OTL.lnk
[2010/11/12 23:57:12 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/11/12 18:52:39 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2010/11/12 18:51:11 | 000,001,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3600 printer assistant.lnk
[2010/11/12 18:50:42 | 000,157,628 | ---- | C] () -- C:\WINDOWS\hpdj3600.hi1
[2010/11/12 18:50:42 | 000,009,153 | ---- | C] () -- C:\WINDOWS\hpdj3600.bu1
[2010/11/12 18:48:28 | 000,164,761 | ---- | C] () -- C:\WINDOWS\hpdj3600.his
[2010/11/12 18:48:28 | 000,010,024 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2010/11/12 18:16:05 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/12 18:16:03 | 000,000,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/11/12 17:01:11 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 16:58:08 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/12 16:39:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/12 11:38:28 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/12 10:32:11 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/12 09:01:20 | 000,024,439 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How-to-update-your-computer-with-the-JPEG-processing.docx
[2010/11/11 23:10:31 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/11/11 23:10:16 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/11/11 23:09:16 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/11/11 22:50:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/11 12:25:23 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/11/11 01:23:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2010/11/11 01:23:21 | 000,002,104 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2010/11/11 01:23:21 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/11/11 01:23:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/11 01:23:21 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Gateway Games.lnk
[2010/11/11 01:23:21 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/11/11 01:23:09 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 3.job
[2010/11/11 01:23:09 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\ISP signup reminder 2.job
[2010/11/11 01:17:19 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/11 01:15:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Gateway_MX6956_Rev.1_T3A6941002183.MRK
[2010/11/11 01:15:16 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/11/11 01:11:20 | 000,001,210 | -H-- | C] () -- C:\IPH.PH
[2010/11/11 01:11:20 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/11 01:09:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2010/11/11 01:08:54 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2010/11/11 01:05:56 | 000,002,238 | ---- | C] () -- C:\WINDOWS\System32\32-aol.ico
[2010/11/11 01:05:56 | 000,001,406 | ---- | C] () -- C:\WINDOWS\System32\16-aol.ico
[2010/11/11 01:05:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/11 01:03:47 | 000,051,656 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.bmp
[2010/11/11 01:03:47 | 000,000,851 | ---- | C] () -- C:\RebootLog.ini
[2010/11/11 01:03:36 | 000,000,002 | ---- | C] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2010/11/11 01:02:38 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2010/11/11 00:56:19 | 000,000,002 | RHS- | C] () -- C:\USER
[2010/11/11 00:56:19 | 000,000,000 | ---- | C] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/11 00:53:15 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/11/11 00:50:02 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2010/11/10 23:00:32 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/10 22:55:10 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/11/10 22:52:02 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/10 22:52:02 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/11/10 18:42:48 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/10 18:41:05 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/10 18:41:05 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/10 18:41:02 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/11/10 18:40:10 | 051,515,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2006/06/21 10:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/17 10:24:58 | 000,000,580 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 10:24:57 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 03:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 05:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/11/10 18:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/11/10 23:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/11/11 01:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/11 01:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/15 15:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/11/11 01:23:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
[2010/11/11 01:23:09 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
[2010/11/15 13:06:17 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Sorry for the edits but I noticed a couple of file names that I needed to remove. Apologies for not catching that on the first try.

Edited by migarto, 15 November 2010 - 08:39 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP