Bankerfox.a and Win32/Nuqel.E viruses


#1
Thunder Bird
New Member, 2 posts
A friend of mine has had her laptop infected with this virus.

I have managed to stop the repeated pop ups but only by putting XP into the "safe mode" and using "system restore" to a date earlier than when the infection occurred.

Prior to using the "safe mode" I was unable to run any programs and it was reported that the file was infected on each occasion and the pop ups were occurring approximately every 5 seconds.

I have now reached a point where I can access some of the internet, but if I type Avast or AVG, Internet Explorer disappears as soon as I press return.

I have tried installing "Malwarebytes", "Avast" and "HiJackThis" from the normal boot-up screen and from "Safe Mode", but have been prevented from doing so.

I then installed these programs on a USB memory stick (using another computer) but when I tried to run them on the infected laptop they disappeared from the screen as soon as I tried.

I did manage to get Trend Micro HouseCall loaded and it reported finding TROJ GEN.R42C2LC and TROJ Generic.L03 both of which I have not removed because of warnings about removing other needed files.

Trend Micro also reported lastmon.dll (TROJ gEN.R2EE1HU) which I removed.

I have checked and there is no proxy allocated in Internet Explorer.

I am now at my wits' end, and I have read so many solutions to this problem, none of which work in my case.

Thunder Bird.

#2
Thunder Bird
Topic Starter, New Member, 2 posts
Hi, I have since found I can run OTL.

Here is the log file.

OTL logfile created on: 12/29/2010 1:43:18 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): D:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 17.24 Gb Total Space | 11.96 Gb Free Space | 69.38% Space Free | Partition Type: FAT32
Drive D: | 19.99 Gb Total Space | 1.98 Gb Free Space | 9.88% Space Free | Partition Type: FAT32
Drive F: | 3.89 Gb Total Space | 0.41 Gb Free Space | 10.47% Space Free | Partition Type: FAT32

Computer Name: LORRAINES | User Name: Lorraine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/29 13:11:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2005/04/15 11:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/29 13:11:52 | 000,602,624 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/24 02:42:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 09:41:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- D:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/07/25 20:15:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- D:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2009/07/28 12:07:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/14 04:15:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2005/04/19 10:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- D:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...49&gct=&gc=1&q=


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 CE 6F 8F 1A 58 CA 01 [binary data]
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - D:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-287218729-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/07/08 18:32:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lorraine\Application Data\Mozilla\Extensions
[2009/07/08 18:32:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lorraine\Application Data\Mozilla\Extensions\[email protected]
[2009/04/02 08:02:26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Lorraine\Application Data\Mozilla\Firefox\extensions
[2009/04/02 08:02:26 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Lorraine\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2009/07/25 20:13:24 | 000,000,762 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (ALO) - {506CD401-5203-4B27-BB5A-03C97758FD02} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-287218729-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-287218729-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\becbfeddebcbf: DllName - D:\WINDOWS\system32\becbfeddebcbf.dll - D:\WINDOWS\system32\becbfeddebcbf.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Lorraine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Lorraine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/27 17:53:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{3190ca84-fb27-11de-b6f3-000ae4ef1938}\Shell\Auto\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\{3190ca84-fb27-11de-b6f3-000ae4ef1938}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd92ec8a-ecd3-11de-b6e3-000ae4ef1938}\Shell - "" = AutoRun
O33 - MountPoints2\{cd92ec8a-ecd3-11de-b6e3-000ae4ef1938}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9cb837e-123f-11e0-b7e5-000ae4ef1938}\Shell - "" = AutoRun
O33 - MountPoints2\{f9cb837e-123f-11e0-b7e5-000ae4ef1938}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\W\Shell - "" = AutoRun
O33 - MountPoints2\W\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\W\Shell\AutoRun\command - "" = W:\RunGame.exe -- File not found
O33 - MountPoints2\X\Shell - "" = AutoRun
O33 - MountPoints2\X\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\X\Shell\AutoRun\command - "" = X:\RunGame.exe -- File not found
O33 - MountPoints2\Y\Shell - "" = AutoRun
O33 - MountPoints2\Y\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Y\Shell\AutoRun\command - "" = Y:\RunGame.exe -- File not found
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - D:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/29 09:34:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Lorraine\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/29 09:33:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\Documents and Settings\Lorraine\Desktop\HijackThis.exe
[2010/12/28 13:58:02 | 000,974,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mfc42.dll
[2010/12/28 13:58:02 | 000,953,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/12/28 13:26:39 | 000,040,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/28 13:22:56 | 000,617,472 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\comctl32.dll
[2010/12/28 13:21:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/12/28 13:21:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/12/28 13:21:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/12/28 13:21:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/12/28 13:11:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wab.exe
[2010/12/28 11:29:10 | 000,000,000 | ---D | C] -- D:\WINDOWS\Prefetch
[2010/12/28 11:12:56 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\scripting
[2010/12/28 11:12:55 | 000,000,000 | ---D | C] -- D:\WINDOWS\l2schemas
[2010/12/28 11:12:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\en
[2010/12/28 11:12:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\bits
[2010/12/28 11:07:07 | 000,000,000 | ---D | C] -- D:\WINDOWS\network diagnostic
[2010/12/28 11:01:32 | 000,000,000 | -H-D | C] -- D:\WINDOWS\$NtServicePackUninstall$
[2010/12/28 11:01:30 | 000,000,000 | ---D | C] -- D:\WINDOWS\EHome
[2010/12/28 10:52:41 | 000,012,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mouhid.sys
[2010/12/28 10:50:58 | 000,000,000 | ---D | C] -- D:\Config.Msi
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/29 11:26:50 | 000,026,112 | ---- | M] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 10:57:58 | 000,312,172 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/12/29 10:57:58 | 000,040,394 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/12/29 10:53:40 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/12/29 09:29:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\Documents and Settings\Lorraine\Desktop\HijackThis.exe
[2010/12/29 09:21:38 | 000,109,386 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\Task Manager.jpg
[2010/12/29 09:05:38 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/12/29 08:49:28 | 000,094,528 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\House Call.jpg
[2010/12/29 08:48:50 | 000,000,672 | ---- | M] () -- D:\Documents and Settings\Lorraine\Application Data\Microsoft\Internet Explorer\Quick Launch\Capture-A-ScreenShot.lnk
[2010/12/29 08:48:50 | 000,000,654 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\Capture-A-ScreenShot.lnk
[2010/12/29 08:45:34 | 000,635,029 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\cassetup.exe
[2010/12/29 07:59:20 | 000,000,036 | ---- | M] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\housecall.guid.cache
[2010/12/29 06:33:10 | 002,085,512 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/28 12:54:02 | 045,842,200 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\setup_av_free_eng(2).exe
[2010/12/28 11:55:40 | 000,013,730 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/12/28 11:30:42 | 000,000,708 | ---- | M] () -- D:\Documents and Settings\Lorraine\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/12/28 11:30:40 | 000,316,640 | ---- | M] () -- D:\WINDOWS\WMSysPr9.prx
[2010/12/22 03:34:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Lorraine\Desktop\mbam-setup-1.50.1.1100.exe
[2010/12/20 17:05:02 | 000,028,672 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\program sheet 3.doc
[2010/12/20 16:30:18 | 000,029,184 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\program sheet 2.doc
[2010/12/20 16:10:36 | 000,028,160 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\program sheet 1.doc
[2010/12/13 17:35:34 | 000,002,483 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\Microsoft Word.lnk
[2010/12/13 17:06:26 | 000,029,696 | ---- | M] () -- D:\Documents and Settings\Lorraine\Desktop\program sheet 1 program 5.doc
[2010/12/11 09:07:00 | 000,258,048 | ---- | M] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\388223305.exe
[5 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/29 09:21:36 | 000,109,386 | ---- | C] () -- D:\Documents and Settings\Lorraine\Desktop\Task Manager.jpg
[2010/12/29 08:49:27 | 000,094,528 | ---- | C] () -- D:\Documents and Settings\Lorraine\Desktop\House Call.jpg
[2010/12/29 08:48:48 | 000,000,672 | ---- | C] () -- D:\Documents and Settings\Lorraine\Application Data\Microsoft\Internet Explorer\Quick Launch\Capture-A-ScreenShot.lnk
[2010/12/29 08:48:48 | 000,000,654 | ---- | C] () -- D:\Documents and Settings\Lorraine\Desktop\Capture-A-ScreenShot.lnk
[2010/12/29 08:47:13 | 000,635,029 | ---- | C] () -- D:\Documents and Settings\Lorraine\Desktop\cassetup.exe
[2010/12/29 07:59:19 | 000,000,036 | ---- | C] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\housecall.guid.cache
[2010/12/28 13:22:08 | 045,842,200 | ---- | C] () -- D:\Documents and Settings\Lorraine\Desktop\setup_av_free_eng(2).exe
[2010/12/11 09:06:57 | 000,258,048 | ---- | C] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\388223305.exe
[2009/07/28 12:07:23 | 000,721,904 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009/07/13 15:59:31 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/07/05 14:50:12 | 000,000,384 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/07/05 14:49:08 | 000,077,824 | ---- | C] () -- D:\WINDOWS\System32\hpzids01.dll
[2009/07/05 14:37:21 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RtlCPAPI.dll
[2009/03/29 15:45:21 | 000,026,112 | ---- | C] () -- D:\Documents and Settings\Lorraine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 17:38:24 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2008/04/06 21:52:12 | 000,312,847 | ---- | C] () -- D:\WINDOWS\System32\becbfeddebcbf.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 09:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 09:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[2008/04/14 09:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
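Reading an OTL log of this length by eye is slow, so here is the kind of mechanical first pass a responder would run over it. This is an added example written for this page; it is not part of the original post and is not an OldTimer tool. SAMPLE_LOG is a constructed excerpt copied from the log above (a few representative lines, not the full report). The script flags Winlogon Notify DLLs that carry no company name (those DLLs are loaded into winlogon.exe at boot, a long-standing persistence spot), cached MountPoints2 AutoRun commands, kernel drivers and services with no company name or a missing file, orphaned BHO/toolbar entries, and any live system binary whose MD5 differs from the ServicePackFiles reference copy. The severity labels and regular expressions are a triage convention assumed here, not anything OTL defines; a flag means "look at this", not "this is malware".

```python
import re
from collections import defaultdict

# Constructed excerpt of the OTL log posted above (not the complete report).
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
DRV - [2009/07/28 12:07:26 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/04/19 10:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O20 - Winlogon\Notify\becbfeddebcbf: DllName - D:\WINDOWS\system32\becbfeddebcbf.dll - D:\WINDOWS\system32\becbfeddebcbf.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - D:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O33 - MountPoints2\{3190ca84-fb27-11de-b6f3-000ae4ef1938}\Shell\Auto\command - "" = F:\Start.exe -- File not found
O33 - MountPoints2\W\Shell\AutoRun - "" = Auto&Play
O35 - HKLM\..exefile [open] -- "%1" %*
[2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
"""

# Triage levels are an assumed convention for a human reviewer, not a verdict.
HIGH, MEDIUM, LOW = "HIGH", "MEDIUM", "LOW"

# "SRV - ...", "DRV - ...", "O20 - ..." style entries.
ENTRY_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV|O\d+)\s+-\s+(?P<body>.*)$")
# "(Company)" right after an OTL "[date | size | attrs | M]" stamp.
COMPANY_AFTER_STAMP_RE = re.compile(r"\]\s*\((?P<company>[^()]*)\)")
# Trailing "(Company)" at the end of a line, as on O2/O3/O20 entries.
TRAILING_COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")
# Lines from the "< MD5 for: ... >" custom scan.
MD5_RE = re.compile(r"\((?P<company>[^()]*)\)\s+MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>\S.*)$")

# Directories holding known-good reference copies, and ones to leave out of the comparison
# (the pre-SP uninstall backup legitimately differs from the live file).
REFERENCE_DIRS = ("ServicePackFiles", "SoftwareDistribution")
IGNORED_DIRS = ("$NtServicePackUninstall$", "dllcache")


def _company(body):
    """Company name OTL printed for the entry; "" when it printed "()", None when absent."""
    m = COMPANY_AFTER_STAMP_RE.search(body) or TRAILING_COMPANY_RE.search(body)
    return m.group("company").strip() if m else None


def triage_line(line):
    """Return (severity, reason, line) for one OTL entry, or None if nothing stands out."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O20" and r"Winlogon\Notify" in body and not _company(body):
        return (HIGH, "Winlogon Notify DLL with no company name (loaded by winlogon.exe at boot)", line)
    if kind == "O33" and r"\command" in body:
        return (MEDIUM, "cached AutoRun command from removable media", line)
    if kind in ("SRV", "DRV") and "File not found" in body:
        return (LOW, "service/driver entry points at a missing file", line)
    if kind == "DRV" and _company(body) == "":
        return (MEDIUM, "kernel driver with no company name", line)
    if kind in ("O2", "O3") and ("File not found" in body or "No CLSID value found" in body):
        return (LOW, "orphaned browser extension entry", line)
    return None


def triage(log_text):
    """All findings for a log, highest severity first."""
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    order = {HIGH: 0, MEDIUM: 1, LOW: 2}
    return sorted(findings, key=lambda f: order[f[0]])


def md5_mismatches(log_text):
    """Live system binaries whose MD5 is not among the reference copies of the same file.
    Returns [(basename, live_path, live_md5, [reference_md5s])]."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = MD5_RE.search(line)
        if m:
            path = m.group("path").strip()
            groups[path.rsplit("\\", 1)[-1].lower()].append((path, m.group("md5").upper()))
    out = []
    for name, copies in groups.items():
        refs = {h for p, h in copies if any(d in p for d in REFERENCE_DIRS)}
        if not refs:
            continue  # nothing to compare against
        for p, h in copies:
            if any(d in p for d in REFERENCE_DIRS + IGNORED_DIRS):
                continue
            if h not in refs:
                out.append((name, p, h, sorted(refs)))
    return out


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}: {line}")
    for name, path, h, refs in md5_mismatches(SAMPLE_LOG):
        print(f"[HIGH] {name}: live copy {path} has MD5 {h}, reference copies {refs}")
```

Run it directly to print the findings. On the excerpt it ranks the Winlogon Notify entry for becbfeddebcbf.dll first (no company name, created 2008, loaded into winlogon.exe at every boot), then the unsigned-looking sptd.sys driver and the cached F:\Start.exe AutoRun command, and it reports no MD5 mismatch for explorer.exe because the live copy matches the ServicePackFiles copy. Feed it the whole log rather than the excerpt to get the full list; the point is to decide what to look at first, not to declare anything clean.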