
Threat: Win32:Rootkit-gen


This topic is locked

#16
jclynn67 (Member, Topic Starter, 85 posts)
Sorry, had a death in the family ... will try to wrap my head around this and do these steps soon! Please be patient with me!


#17
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi jclynn67,

I'm sorry to hear that :D ...

I'll be here...

#18
jclynn67 (Member, Topic Starter, 85 posts)
Step 1:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Cathy
->Temp folder emptied: 121708229 bytes
->Temporary Internet Files folder emptied: 167180836 bytes
->Flash cache emptied: 607 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34688 bytes
RecycleBin emptied: 93866535 bytes

Total Files Cleaned = 365.00 mb

Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Cathy
->Flash cache emptied: 0 bytes

User: Default User

User: Default User.WINDOWS

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 02282011_202131

Files\Folders moved on Reboot...
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\RJ8F4B31\xd_proxy[4].php moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\RJ8F4B31\_;ord=0[1] moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\EOPTFAZI\3434617880[1] moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\EOPTFAZI\aceUACping[1].htm moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\EOPTFAZI\CA09U9H2 moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\EOPTFAZI\md[2].php moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\3PWIV50J\296006-threat-win32rootkit-gen[1] moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\3PWIV50J\aceUAC[1].htm moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1H9483Y8\aceUAC[1].htm moved successfully.
C:\Documents and Settings\Cathy\Local Settings\Temporary Internet Files\Content.IE5\1H9483Y8\CA9VJ9K8.php moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#19
jclynn67 (Member, Topic Starter, 85 posts)
OTL logfile created on: 2/28/2011 8:31:15 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Cathy\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 39.92 Gb Free Space | 71.43% Space Free | Partition Type: NTFS
Drive D: | 481.33 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 18.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ILENE | User Name: Cathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
PRC - [2011/01/13 02:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/07 15:34:22 | 001,533,288 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
PRC - [2007/08/30 17:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2003/03/31 13:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
MOD - [2011/01/13 02:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2007/08/30 17:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2007/08/30 16:17:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll
MOD - [2003/03/31 13:00:00 | 000,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/13 02:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2003/03/31 13:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - [2011/01/13 02:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 02:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 02:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 02:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 02:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/27 07:34:44 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/22 12:09:10 | 000,100,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2001/08/17 06:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2003/03/31 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/11 20:52:02 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/31 13:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/06/04 12:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/05/27 09:48:50 | 000,042,166 | R--- | M] () - E:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/03/25 23:57:04 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ea6ebf2a-3d59-11e0-86c7-00c09fac81f9}\Shell - "" = AutoRun
O33 - MountPoints2\{ea6ebf2a-3d59-11e0-86c7-00c09fac81f9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ea6ebf2a-3d59-11e0-86c7-00c09fac81f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008/06/04 12:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 07:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\DoctorWeb
[2011/02/22 22:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Desktop\Virus Removal Tool
[2011/02/22 22:36:55 | 093,354,704 | ---- | C] ( ) -- C:\Documents and Settings\Cathy\Desktop\setup_9.0.0.722_22.02.2011_22-19.exe
[2011/02/22 21:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Malwarebytes
[2011/02/22 21:28:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/22 21:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 21:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/02/22 21:28:32 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/22 21:26:43 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/02/22 21:03:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/22 08:12:49 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
[2011/02/20 20:32:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Yahoo! Messenger
[2011/02/20 20:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Macromedia
[2011/02/20 20:10:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Adobe
[2011/02/20 20:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\My Documents\Download
[2011/02/20 20:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Yahoo!
[2011/02/20 20:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2011/02/20 19:53:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Cathy\UserData
[2011/02/20 19:49:11 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/20 19:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2011/02/20 19:49:10 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/20 19:49:10 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/20 19:49:09 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/20 19:49:09 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/20 19:49:09 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/20 19:48:51 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/20 19:48:51 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/20 19:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/02/20 19:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Smith Micro
[2011/02/20 19:30:29 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/02/20 19:30:29 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/02/20 19:30:29 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/02/20 19:30:29 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/02/20 19:30:29 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/02/19 16:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Application Data\Identities
[2011/02/19 16:47:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\My Documents\My Pictures
[2011/02/19 16:47:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\My Documents\My Music
[2011/02/19 16:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Local Settings\Application Data\Microsoft
[2011/02/19 16:47:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Cathy\Application Data\Microsoft
[2011/02/19 16:47:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Cathy\Cookies
[2011/02/19 16:47:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cathy\Application Data
[2011/02/19 16:47:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\Favorites
[2011/02/19 16:47:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathy\Desktop
[2011/02/19 16:47:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cathy\SendTo
[2011/02/19 16:47:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cathy\Recent
[2011/02/19 16:47:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\Start Menu\Programs\Startup
[2011/02/19 16:47:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\Start Menu
[2011/02/19 16:47:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\My Documents
[2011/02/19 16:47:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cathy\Start Menu\Programs\Accessories
[2011/02/19 16:47:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Cathy\Templates
[2011/02/19 16:47:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Cathy\PrintHood
[2011/02/19 16:47:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Cathy\NetHood
[2011/02/19 16:47:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Cathy\Local Settings
[2011/02/19 16:42:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/02/19 16:42:47 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/02/19 16:42:47 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/02/19 16:41:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/02/19 16:40:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users.WINDOWS\DRM
[2011/02/19 16:37:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Pictures
[2011/02/19 16:37:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents\My Music
[2011/02/19 16:37:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/02/19 16:36:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/02/19 16:36:40 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/02/19 16:35:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/02/19 15:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/02/19 15:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/02/19 10:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/02/19 10:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
[2011/02/19 10:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users.WINDOWS\Documents
[2011/02/19 10:29:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Templates
[2011/02/19 10:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
[2011/02/19 10:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2011/02/19 10:28:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/02/19 10:28:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2011/02/17 18:14:32 | 000,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/02/28 20:29:25 | 000,165,025 | ---- | M] () -- C:\WINDOWS\System32\x
[2011/02/28 20:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 20:15:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 15:43:40 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\DrWeb.csv
[2011/02/23 07:41:21 | 057,322,240 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\drweb-cureit.exe
[2011/02/22 22:05:31 | 093,354,704 | ---- | M] ( ) -- C:\Documents and Settings\Cathy\Desktop\setup_9.0.0.722_22.02.2011_22-19.exe
[2011/02/22 21:28:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 21:26:43 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/02/22 08:38:57 | 000,296,448 | ---- | M] () -- C:\qsozjo4b.exe
[2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
[2011/02/20 20:32:52 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/02/20 20:32:52 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
[2011/02/20 20:28:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ftpupd.exe
[2011/02/20 20:10:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\Internet.lnk
[2011/02/20 19:49:11 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/02/20 19:49:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/20 19:30:46 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Access.lnk
[2011/02/19 16:54:25 | 000,311,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/19 16:54:25 | 000,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/19 16:48:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 16:48:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/19 16:48:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/19 16:48:04 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/02/19 16:44:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/02/19 16:44:07 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/19 16:43:23 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/19 16:41:10 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/19 16:41:10 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/19 16:41:09 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/02/19 16:40:56 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/19 16:37:37 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/19 16:34:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/19 15:37:22 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2011/02/28 20:29:25 | 000,165,025 | ---- | C] () -- C:\WINDOWS\System32\x
[2011/02/23 15:43:40 | 000,001,007 | ---- | C] () -- C:\Documents and Settings\Cathy\Desktop\DrWeb.csv
[2011/02/23 07:41:21 | 057,322,240 | ---- | C] () -- C:\Documents and Settings\Cathy\Desktop\drweb-cureit.exe
[2011/02/22 21:28:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 08:38:56 | 000,296,448 | ---- | C] () -- C:\qsozjo4b.exe
[2011/02/20 20:32:52 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/02/20 20:32:52 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
[2011/02/20 20:28:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ftpupd.exe
[2011/02/20 20:10:37 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cathy\Desktop\Internet.lnk
[2011/02/20 19:49:11 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/02/20 19:30:46 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Access.lnk
[2011/02/20 19:30:42 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Access.lnk
[2011/02/19 16:48:10 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/19 16:48:03 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Outlook Express.lnk
[2011/02/19 16:48:00 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/19 16:47:51 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 16:47:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Internet Explorer.lnk
[2011/02/19 16:47:44 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Remote Assistance.lnk
[2011/02/19 16:47:44 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Windows Media Player.lnk
[2011/02/19 16:44:29 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/02/19 16:43:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/02/19 16:42:41 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/02/19 16:42:22 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/02/19 16:42:16 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/02/19 16:42:15 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/02/19 16:42:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/02/19 16:42:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/02/19 16:41:59 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/02/19 16:41:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/02/19 16:41:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/02/19 16:41:13 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/19 16:41:11 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/02/19 16:41:10 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/19 16:41:10 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/19 16:41:09 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2011/02/19 16:39:26 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/02/19 16:38:47 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/02/19 16:38:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/02/19 16:38:44 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/02/19 16:38:33 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/02/19 16:38:02 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/02/19 16:37:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/19 16:36:47 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN Explorer.lnk
[2011/02/19 16:36:26 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/02/19 16:36:26 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/02/19 16:36:26 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/02/19 16:36:26 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/02/19 16:36:26 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/02/19 16:36:26 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/02/19 16:36:26 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/02/19 16:36:26 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/02/19 16:36:26 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/02/19 16:36:25 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/02/19 16:36:25 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/02/19 16:36:23 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/02/19 16:36:23 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/02/19 16:36:21 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/02/19 16:36:09 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/02/19 15:37:22 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/19 10:29:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/19 10:29:31 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/02/19 10:29:12 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/02/19 10:29:12 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/02/19 10:29:12 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/02/19 10:29:12 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/02/19 10:29:12 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/02/19 10:29:12 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/02/19 10:29:12 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/02/19 10:29:12 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/02/19 10:29:12 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/02/19 10:29:12 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/02/19 10:29:11 | 002,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/02/19 10:29:11 | 000,344,390 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/02/19 10:28:17 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/19 10:27:07 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2003/03/31 13:00:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2003/03/31 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

========== LOP Check ==========

[2011/02/20 19:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/02/20 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Smith Micro

========== Purity Check ==========



< End of report >
[2011/02/28 20:30:51 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Cathy\ntuser.dat.LOG
[2011/02/28 20:29:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Cathy\Cookies
[2011/02/28 20:23:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/02/28 20:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 20:22:01 | 000,786,432 | -H-- | M] () -- C:\Documents and Settings\Cathy\NTUSER.DAT
[2011/02/28 20:22:01 | 000,000,180 | -HS- | M] () -- C:\Documents and Settings\Cathy\ntuser.ini
[2011/02/28 20:15:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 16:09:50 | 003,182,368 | -H-- | M] () -- C:\Documents and Settings\Cathy\Local Settings\Application Data\IconCache.db
[2011/02/23 16:05:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cathy\Recent
[2011/02/23 15:43:40 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\DrWeb.csv
[2011/02/23 15:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Desktop
[2011/02/23 07:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\DoctorWeb
[2011/02/23 07:41:21 | 057,322,240 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\drweb-cureit.exe
[2011/02/22 22:24:15 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/22 22:05:31 | 093,354,704 | ---- | M] ( ) -- C:\Documents and Settings\Cathy\Desktop\setup_9.0.0.722_22.02.2011_22-19.exe
[2011/02/22 21:29:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cathy\Application Data
[2011/02/22 21:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Malwarebytes
[2011/02/22 21:28:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 21:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 21:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2011/02/22 21:28:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2011/02/22 21:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2011/02/22 12:14:48 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cathy\My Documents
[2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
[2011/02/20 23:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2011/02/20 20:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
[2011/02/20 20:32:52 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/02/20 20:32:52 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
[2011/02/20 20:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Yahoo! Messenger
[2011/02/20 20:28:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ftpupd.exe
[2011/02/20 20:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Yahoo!
[2011/02/20 20:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Macromedia
[2011/02/20 20:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Adobe
[2011/02/20 20:10:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\Internet.lnk
[2011/02/20 20:04:45 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Games
[2011/02/20 19:53:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Cathy\UserData
[2011/02/20 19:49:11 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/02/20 19:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2011/02/20 19:49:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/20 19:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/02/20 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Smith Micro
[2011/02/20 19:30:46 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Access.lnk
[2011/02/20 19:30:43 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Access.lnk
[2011/02/19 16:54:25 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2011/02/19 16:54:25 | 000,311,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/19 16:54:25 | 000,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/19 16:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Local Settings\Application Data\Microsoft
[2011/02/19 16:48:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 16:48:11 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Internet Explorer.lnk
[2011/02/19 16:48:11 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Outlook Express.lnk
[2011/02/19 16:48:11 | 000,000,292 | -HS- | M] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\desktop.ini
[2011/02/19 16:48:11 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cathy\Favorites
[2011/02/19 16:48:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/19 16:48:06 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cathy\Start Menu\Programs\Accessories
[2011/02/19 16:48:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/19 16:48:05 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Windows Media Player.lnk
[2011/02/19 16:48:04 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/02/19 16:48:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/02/19 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Identities
[2011/02/19 16:47:48 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cathy\SendTo
[2011/02/19 16:47:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Cathy\Application Data\Microsoft
[2011/02/19 16:44:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/02/19 16:44:07 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/19 16:43:23 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/19 16:43:17 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu
[2011/02/19 16:41:17 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\Cathy\Start Menu\Programs\Remote Assistance.lnk
[2011/02/19 16:41:16 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools
[2011/02/19 16:41:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/02/19 16:41:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2011/02/19 16:41:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2011/02/19 16:41:10 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/19 16:41:10 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/19 16:41:09 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/02/19 16:41:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\DRM
[2011/02/19 16:40:56 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/19 16:40:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2011/02/19 16:40:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2011/02/19 16:39:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2011/02/19 16:39:45 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Accessories
[2011/02/19 16:39:06 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/02/19 16:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/02/19 16:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\System
[2011/02/19 16:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/02/19 16:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/02/19 16:37:39 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Documents
[2011/02/19 16:37:37 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/19 16:37:24 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2011/02/19 16:37:24 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2011/02/19 16:36:47 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\MSN Explorer.lnk
[2011/02/19 16:36:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2011/02/19 16:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/02/19 16:36:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cathy\Templates
[2011/02/19 15:31:07 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Designer
[2011/02/19 15:31:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2011/02/19 14:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2011/02/19 10:29:45 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2011/02/19 10:29:13 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\desktop.ini
[2011/02/19 10:29:13 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
[2011/02/19 10:29:13 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2011/02/19 10:29:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Templates
[2011/02/19 10:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Favorites
[2011/02/19 10:29:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Cathy\Application Data\desktop.ini
[2011/02/19 10:29:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cathy\Start Menu\Programs\Startup
[2011/02/19 10:29:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Cathy\Start Menu
[2011/02/19 10:29:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cathy\PrintHood
[2011/02/19 10:29:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cathy\NetHood
[2011/02/19 10:29:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Cathy\Local Settings

========== Files - Modified Within 30 Days ==========

[2011/02/28 20:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/28 20:15:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 15:43:40 | 000,001,007 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\DrWeb.csv
[2011/02/23 07:41:21 | 057,322,240 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\drweb-cureit.exe
[2011/02/22 22:05:31 | 093,354,704 | ---- | M] ( ) -- C:\Documents and Settings\Cathy\Desktop\setup_9.0.0.722_22.02.2011_22-19.exe
[2011/02/22 21:28:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/22 21:26:43 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/02/22 08:38:57 | 000,296,448 | ---- | M] () -- C:\qsozjo4b.exe
[2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
[2011/02/20 20:32:52 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/02/20 20:32:52 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Yahoo! Messenger.lnk
[2011/02/20 20:28:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ftpupd.exe
[2011/02/20 20:10:37 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cathy\Desktop\Internet.lnk
[2011/02/20 19:49:11 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2011/02/20 19:49:10 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/02/20 19:30:46 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Access.lnk
[2011/02/19 16:54:25 | 000,311,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/19 16:54:25 | 000,040,190 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/19 16:48:11 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/19 16:48:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/02/19 16:48:05 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Cathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/19 16:48:04 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2011/02/19 16:44:29 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/02/19 16:44:07 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/19 16:43:23 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/19 16:41:10 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/19 16:41:10 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/19 16:41:09 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2011/02/19 16:40:56 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/02/19 16:37:37 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/02/19 16:34:57 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/02/19 15:37:22 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys

========== LOP Check ==========

[2011/02/20 19:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011/02/20 19:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\Smith Micro

========== Purity Check ==========



< End of report >
  • 0
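To show how the OTL file and folder entries above are structured, here is a small Python parser with two of the triage checks a log reader applies to such entries. This is an added example, not OTL's or the helper's code: the line format is inferred from the log itself, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL entry as seen in the log above (format inferred from the log, not OTL's docs):
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
# Directory entries (attrs ending in D) carry no "(company)" group.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".scr", ".com", ".dll")

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str               # e.g. "RH-D": read-only, hidden, system, directory flags
    kind: str                # "C" = created in the window, "M" = modified in the window
    company: Optional[str]   # None for directories, "" when the file has no version info
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one entry line; headers, blanks and anything else return None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),  # "2145,964,032" -> 2145964032
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )

def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]

def triage(entries: List[OtlEntry]) -> List[str]:
    """Notes on entries a log reader double-checks: prompts to look closer, not verdicts."""
    notes = []
    for e in entries:
        lower = e.path.lower()
        if e.is_dir or not lower.endswith(EXEC_EXT):
            continue
        if e.size == 0 and "\\windows\\" in lower:
            notes.append(f"zero-byte executable in a Windows folder: {e.path}")
        if re.fullmatch(r"[a-z]:\\[^\\]+", lower):   # sits directly in the drive root
            notes.append(f"executable in the drive root: {e.path}")
    return notes

# Sample lines copied from the log above (tools the helper had the user run show up too).
SAMPLE_LOG = r"""========== Files - Modified Within 30 Days ==========
[2011/02/28 20:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 16:05:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Cathy\Recent
[2011/02/22 21:26:43 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2011/02/22 08:38:57 | 000,296,448 | ---- | M] () -- C:\qsozjo4b.exe
[2011/02/22 08:12:56 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cathy\Desktop\OTL.scr
[2011/02/20 20:28:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ftpupd.exe
[2011/02/19 15:37:22 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
"""
```

The drive-root check also hits mbam-setup.exe, an installer the helper asked for, which is why the notes are prompts to look closer rather than verdicts.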

#20
jclynn67

    Member

  • Topic Starter
  • Member
  • 85 posts
Thank you for being patient with me through the funeral ... these are the last 2 steps you gave me. Please tell me what to do next ... also, how do I get all the information together? It's like I have 2 operating systems and everything is separated ... do I have to re-download and install all she had on here, like the Microsoft service packs? Explorer? Microsoft Office? etc.?

Thanks again for all your help ... Bless you!
  • 0

#21
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jclynn67,

Please tell me how your system is now. Any changes?
  • 0

#22
jclynn67

    Member

  • Topic Starter
  • Member
  • 85 posts
The mouse goes crazy at times, and if I connect to the internet ... Avast is blocking stuff constantly, which is good that it blocks it, but why so much? Do I have to download and install all the stuff already on the computer under the other operating system? If I go through My Computer, then the C: hard drive, it's all still there ... but when I click on Start > Programs they are not there. Plus I only have Service Pack 1 on the operating system that comes up. Is there any way to delete the new operating system I put on when this all started and be back to normal?

Thanks again for everything!
  • 0

#24
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jclynn67,

Regarding your operating system... You didn't do the reinstall as you should have, and this is the result. You see all the data on the C: disk, but there are no applications installed on your system. Now there are two ways you can do it. The first is to reinstall Windows with a disk format. The other way is to install all applications, updates etc. into your current installation. It's up to you to decide.

Please tell me if you want to continue the clean-up or if you are going to reformat the disk and reinstall Windows. It's up to you...
  • 0

#25
jclynn67

    Member

  • Topic Starter
  • Member
  • 85 posts
Which is the easiest and fastest way? Is there any way to delete the new operating system and have it go back to the old one? I don't have all the CDs handy to reinstall everything :D ... if it was you ... what would you do? Are there still viruses on the system to clean up?

Thanks for being so patient and helping me!
  • 0

#26
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jclynn67,

In my opinion it is best to back up all your data, format the drive and install a fresh copy of Windows. There is no way to remove just the new Windows installation. If you need professional help regarding your system, please open a new topic in Windows XP™, 2000, 2003, NT and they will help you reinstall your system.

Your logs and system are clean. We need to clean up the programs we used from your PC.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended): Automatically download recommended updates for my computer and install them" option.
  • Click the OK button.

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0

#27
jclynn67

    Member

  • Topic Starter
  • Member
  • 85 posts
If I format, everything will be lost and I start all over installing everything, correct? That is probably the way to go ... hopefully I can find the Office program to re-install. If I format, do I need to do the other steps you listed?
  • 0

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jclynn67,

If you format, you don't need to do these steps. Also, if you format, you need to reinstall all the applications you need. As I said, this is my opinion and I would reformat the entire disk. Sorry to say this, but I think it is the only way you can have a clean installation and clean application folders on your system. It's up to you...
  • 0

#29
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0