
Infected with Trojan.FakeAlertRP.Ge and PUM.Bad.Proxy.

#1
swingline60
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6501

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/3/2011 7:49:05 PM
mbam-log-2011-05-03 (19-49-05).txt

Scan type: Quick scan
Objects scanned: 188049
Time elapsed: 17 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jmfgcvjx (Trojan.FakeAlertRP.Gen) -> Value: jmfgcvjx -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Owner\Local Settings\temp\ijbnwywoh\robfddjxsik.exe (Trojan.FakeAlertRP.Gen) -> Delete on reboot.
c:\documents and settings\Owner\local settings\temp\bpokpycts\jekagbdxsik.exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\PVE6FR7Q\about[1].exe (Trojan.FakeAlertRP.Gen) -> Quarantined and deleted successfully.




OTL logfile created on: 5/3/2011 8:22:59 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 27.00% Memory free
920.00 Mb Paging File | 677.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 3.60 Gb Free Space | 9.66% Space Free | Partition Type: NTFS
Drive E: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: KININ-FEYTDUJ4N | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 20:12:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/04/12 17:51:02 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/23 01:30:31 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 20:12:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/09/23 01:30:31 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/10/14 15:09:30 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/09/23 01:30:31 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2006/02/20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006/02/20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006/02/20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM)
DRV - [2006/02/20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006/02/20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus) Sony Ericsson W810 Driver driver (WDM)
DRV - [2003/01/15 14:45:06 | 000,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/10/09 10:50:52 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/09 10:50:16 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/09 10:44:10 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/09/18 12:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,ar-sy;q=0.7,ar-SA;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 7B 2A 14 B8 F4 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {7f57cf46-4467-4c2d-adfa-0cba7c507e54}:0.19.3.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.99
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..network.proxy.autoconfig_url: "http://201.6.146.2:1080/"
FF - prefs.js..network.proxy.socks: "201.6.146.2:1080"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 03:43:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/28 03:51:09 | 000,000,000 | ---D | M]

[2008/12/30 19:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/02 04:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions
[2010/01/29 23:29:21 | 000,000,000 | ---D | M] ("FxIF") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2009/09/02 04:20:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 15:37:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/02/13 16:56:48 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2010/07/08 19:11:47 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/29 15:37:45 | 000,000,000 | ---D | M] (Page Title Eraser) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}
[2010/06/26 03:50:15 | 000,000,000 | ---D | M] (Mozilla Archive Format) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{7f57cf46-4467-4c2d-adfa-0cba7c507e54}
[2010/03/25 03:05:53 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/05/20 05:09:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/02 09:01:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/05/20 05:09:57 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/11/29 15:38:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/20 05:09:50 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2010/06/26 03:50:20 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2011/04/24 08:45:45 | 000,000,000 | ---D | M] (PhZilla) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jx3n3hqb.default\extensions\amin.eft_PhProxy@gmail(2).com
[2011/05/02 04:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 03:51:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/02 07:36:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/08 15:15:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Easy Dock] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176505990734 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.m...ash/swflash.cab (RealPlayer G2 Control)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/12 21:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/06/28 04:21:58 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{12ac475f-c2ca-11de-b18f-000874c5e79d}\Shell - "" = AutoRun
O33 - MountPoints2\{12ac475f-c2ca-11de-b18f-000874c5e79d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12ac475f-c2ca-11de-b18f-000874c5e79d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \R-Undelete\r-undelete.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 17:47:50 | 000,000,000 | -HSD | C] -- C:\found.002
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/03 19:58:46 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/03 19:57:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/03 19:57:36 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/03 19:57:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1450960922-725345543-1003.job
[2011/05/03 19:57:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/03 19:33:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/03 13:34:50 | 000,709,456 | ---- | M] () -- C:\WINDOWS\is-O2379.exe
[2011/05/03 13:34:50 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-O2379.msg
[2011/05/03 13:34:50 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-O2379.lst
[2011/05/03 08:29:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1450960922-725345543-1003UA.job
[2011/05/02 20:29:07 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1450960922-725345543-1003Core.job
[2011/05/01 18:40:53 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/05/01 07:44:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1450960922-725345543-1003.job
[2011/04/30 22:08:45 | 000,125,801 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\qmd.pdf
[2011/04/26 08:27:31 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/03 13:34:50 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-O2379.exe
[2011/05/03 13:34:50 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-O2379.msg
[2011/05/03 13:34:50 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-O2379.lst
[2011/04/30 22:09:34 | 000,125,801 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\qmd.pdf
[2010/11/26 02:36:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\EasyFitness.ini
[2010/11/26 02:36:13 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EasyRip.ini
[2010/06/28 04:28:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/06/21 20:35:15 | 000,000,129 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/17 17:07:03 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/09/24 14:10:31 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/05/13 02:02:00 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/05/13 00:18:55 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/05/13 00:18:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/05/13 00:13:37 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/05/13 00:13:37 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/05/13 00:13:37 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2008/05/13 00:12:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2008/05/13 00:10:31 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/12/27 01:18:56 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/05 21:39:24 | 000,000,006 | ---- | C] () -- C:\WINDOWS\System32\flmc.dat
[2007/06/30 16:30:34 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/30 16:30:34 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/25 20:26:02 | 000,001,287 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/25 20:25:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/20 22:36:14 | 000,034,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2007/05/15 00:31:00 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2007/05/15 00:31:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31c.exe
[2007/05/15 00:31:00 | 000,071,168 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31s.exe
[2007/05/15 00:31:00 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2007/05/15 00:31:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2007/05/06 19:05:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2007/04/24 21:01:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4b.DLL
[2007/04/22 20:26:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/21 23:37:26 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/13 16:31:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/04/12 21:32:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/12 21:26:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/11 23:17:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/11 23:16:07 | 000,206,512 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/09/03 10:17:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:16:59 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/09/03 09:52:01 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/09/03 09:52:00 | 000,441,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/09/03 09:51:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/09/03 09:51:54 | 000,071,752 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/09/03 09:49:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/09/03 09:41:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/09/03 09:41:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/09/03 09:32:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/09/03 09:30:33 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/09/18 12:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2001/09/18 12:00:00 | 000,032,528 | ---- | C] () -- C:\WINDOWS\amcap.exe
[2000/11/10 15:57:04 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

========== LOP Check ==========

[2008/05/13 00:09:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/07 04:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/09 00:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
[2010/09/29 00:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2010/06/06 02:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Chan Thread Watch
[2008/06/04 22:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\COWON
[2010/06/22 07:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2009/05/29 16:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2007/04/24 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/10/16 18:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mipony
[2009/06/30 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NavNet Solutions
[2010/12/17 07:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PhotoFiltre
[2009/11/24 09:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\REAPER
[2008/07/01 00:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2010/09/28 05:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2007/07/14 19:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Teleca
[2011/02/01 23:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/04/30 22:24:58 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\????? ???? ????? ??? ??????? ?? ??? ????? ? ??? ?? ????? ?????? ?????????? ?????? ? ???? ???? ???????? ??? ?? ? ???????.doc) -- C:\Documents and Settings\Owner\My Documents\66.doc
[2011/04/15 07:44:21 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\????? ???? ????? ??? ??????? ?? ??? ????? ? ??? ?? ????? ?????? ?????????? ?????? ? ???? ???? ???????? ??? ?? ? ???????.doc) -- C:\Documents and Settings\Owner\My Documents\66.doc
[2010/02/28 20:35:15 | 000,058,368 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\?????? ?????? ???? ?????? ??????-????.doc) -- C:\Documents and Settings\Owner\My Documents\5.doc
[2010/02/28 20:35:15 | 000,058,368 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\?????? ?????? ???? ?????? ??????-????.doc) -- C:\Documents and Settings\Owner\My Documents\5.doc
[2009/05/15 21:37:28 | 000,033,280 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\??? ??????? ? ????????.doc) -- C:\Documents and Settings\Owner\My Documents\ة.doc
[2009/04/30 22:56:30 | 000,038,912 | ---- | M] ()(C:\Documents and Settings\Owner\Desktop\????.doc) -- C:\Documents and Settings\Owner\Desktop\3.doc
[2009/04/30 22:56:29 | 000,038,912 | ---- | C] ()(C:\Documents and Settings\Owner\Desktop\????.doc) -- C:\Documents and Settings\Owner\Desktop\أ3.doc
[2009/04/14 07:02:01 | 000,041,472 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\????? -?????.doc) -- C:\Documents and Settings\Owner\My Documents\2.doc
[2008/12/12 00:49:24 | 000,028,672 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\????? ????? ?? ??? ???????.doc) -- C:\Documents and Settings\Owner\My Documents\1.doc
[2008/12/12 00:49:24 | 000,028,672 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\????? ????? ?? ??? ???????.doc) -- C:\Documents and Settings\Owner\My Documents\و5.doc
[2008/05/16 14:36:34 | 000,029,184 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\?????.doc 123.doc) -- C:\Documents and Settings\Owner\My Documents\ر6.doc 123.doc
[2008/05/16 14:36:34 | 000,029,184 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\?????.doc 123.doc) -- C:\Documents and Settings\Owner\My Documents\6.doc 123.doc
[2008/03/31 13:48:02 | 000,041,472 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\????? -?????.doc) -- C:\Documents and Settings\Owner\My Documents\7.doc
[2008/02/26 12:22:52 | 000,034,304 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\?? ???? ?????? ????????.doc) -- C:\Documents and Settings\Owner\My Documents\7.doc
[2008/02/04 12:43:04 | 000,034,304 | ---- | C] ()(C:\Documents and Settings\Owner\My Documents\?? ???? ?????? ????????.doc) -- C:\Documents and Settings\Owner\My Documents\7.doc
[2006/02/01 21:51:08 | 000,033,280 | ---- | M] ()(C:\Documents and Settings\Owner\My Documents\??? ??????? ? ????????.doc) -- C:\Documents and Settings\Owner\My Documents\7.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Edited by swingline60, 04 May 2011 - 05:41 AM.
