Virus wiping out my computer



#1
jojo831

It has taken a while to get to this point because 2 days ago a program called Windows Recovery popped up and started running a scan of my computer, telling me I had a lot of major things that needed to be fixed, then wanted to charge me to fix it. I ran Malwarebytes and SUPERAntiSpyware several times, each finding 15 different viruses, most of them trojans. Ran AVG; it did not find anything. Lost a lot of the icons on the desktop (some of which returned after running OTL). Went into Start to click on All Programs; it told me it was empty. Computer moves slow anyway, needs more memory, but is moving even slower. Also have script errors popping up now, and the URL has nothing to do with where you are at the time; they even pop up when you are on the desktop and not on a web page. Checked, and script errors are disabled.


OTL logfile created on: 4/20/2011 10:21:51 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\JoAnn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 42.00 Mb Available Physical Memory | 16.00% Memory free
796.00 Mb Paging File | 162.00 Mb Available in Paging File | 20.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 19.59 Gb Free Space | 58.09% Space Free | Partition Type: NTFS

Computer Name: D3TJKK51 | User Name: JoAnn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/20 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoAnn\Desktop\OTL.exe
PRC - [2010/12/14 16:02:18 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/20 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoAnn\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AMPingService)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/08/27 15:25:22 | 000,488,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/24 07:55:41 | 000,103,552 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\qscnusb.sys -- (MobileAdapter)
DRV - [2008/04/13 23:04:34 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2008/04/13 23:04:32 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2008/04/13 23:04:30 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2008/04/13 23:04:30 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2008/04/13 23:04:30 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2008/04/13 23:04:30 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2008/04/13 23:04:28 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2008/04/13 23:04:28 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2008/04/13 23:04:28 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2008/04/13 23:04:28 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2008/04/13 23:04:16 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/21 08:40:15 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/08/21 08:34:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/08/11 14:55:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/11 14:55:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/22 09:26:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/07 17:34:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.51.219.21 72.51.219.22
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JoAnn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JoAnn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bfb59a10-069f-11e0-b00d-000f1f4d1de5}\Shell - "" = AutoRun
O33 - MountPoints2\{bfb59a10-069f-11e0-b00d-000f1f4d1de5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bfb59a10-069f-11e0-b00d-000f1f4d1de5}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/20 10:21:10 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JoAnn\Desktop\OTL.exe
[2011/04/19 09:53:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\JoAnn\Recent
[2011/04/18 22:32:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\JoAnn\Start Menu\Programs\Windows Recovery
[2011/04/14 18:41:07 | 000,000,000 | ---D | C] -- C:\996d386349f2880514fa
[2011/04/14 10:01:59 | 000,000,000 | -HSD | C] -- C:\found.001
[2011/04/05 03:11:02 | 000,000,000 | -HSD | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2011/04/20 10:21:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JoAnn\Desktop\OTL.exe
[2011/04/20 09:03:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/19 08:36:45 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/19 08:10:38 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19849012
[2011/04/19 08:10:06 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19849012r
[2011/04/19 07:35:42 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19849012
[2011/04/18 22:32:16 | 000,000,813 | -H-- | M] () -- C:\Documents and Settings\JoAnn\Desktop\Windows Recovery.lnk
[2011/04/18 22:23:28 | 000,116,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\790F.sys
[2011/04/15 22:33:12 | 000,553,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 22:21:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/14 19:29:53 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/04/14 19:29:53 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/04/13 21:23:22 | 000,115,011 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/29 13:24:42 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/03/23 04:24:14 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/04/19 08:36:45 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18472756
[2011/04/18 22:34:50 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19849012r
[2011/04/18 22:34:49 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19849012
[2011/04/18 22:32:16 | 000,000,813 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Desktop\Windows Recovery.lnk
[2011/04/18 22:31:56 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19849012
[2011/04/18 22:23:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\790F.sys
[2011/02/25 00:51:11 | 000,004,284 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Local Settings\Application Data\prvlcl.dat
[2010/10/04 22:38:34 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysInfo.dll
[2010/10/04 22:27:47 | 000,033,792 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/11 19:11:06 | 000,019,518 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/08/11 16:13:18 | 000,012,858 | ---- | C] () -- C:\WINDOWS\hpwscr14.dat
[2010/08/11 16:06:51 | 000,179,779 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2010/08/11 16:06:50 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2010/06/05 20:34:46 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/27 11:37:32 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Local Settings\Application Data\housecall.guid.cache
[2010/03/06 11:27:19 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Application Data\PFP120JPR.{PB
[2010/03/06 11:27:19 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\JoAnn\Application Data\PFP120JCM.{PB
[2010/02/24 11:49:47 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/21 08:44:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/21 08:39:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/21 08:33:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/21 08:33:31 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/21 08:20:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/21 08:18:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/21 08:18:54 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/21 08:18:54 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/21 08:18:41 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/21 07:57:04 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,553,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,836 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

========== LOP Check ==========

[2010/11/01 18:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/10/15 14:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/15 14:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/04 22:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlazeVideo
[2010/10/15 14:24:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/15 14:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/11 14:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/03 09:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/03/27 14:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/08/21 08:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/24 14:02:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\Auslogics
[2010/10/15 14:28:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\AVG10
[2010/03/06 14:09:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\Clip Art Collection
[2010/04/29 12:07:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\E-centives
[2010/07/09 08:05:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\Leadertech
[2010/03/25 16:01:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JoAnn\Application Data\Uniblue
[2010/02/18 18:58:03 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >