Vista 2011 virus


#1 jupe
Hi,
I need some help removing malware from my daughter's laptop. Yesterday she encountered the Vista 2011 virus while on the net. Since then we've installed virus protection (although too late of course, oops), and have run Malwarebytes. Norton and Malwarebytes both picked up a few trojans and removed them, but there are issues that haven't been resolved. Any help would be totally appreciated! Thanks so much! =)

OTL to follow:

OTL logfile created on: 5/5/2011 3:46:23 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chl\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.22 Gb Total Space | 27.32 Gb Free Space | 27.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.39 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive E: | 16.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHLOESOLEIL | User Name: Chl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe
PRC - [2011/03/19 11:29:58 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011/03/01 17:22:37 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/04 02:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 02:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 02:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 02:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/02/22 15:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/12/21 08:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 04:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 11:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe
MOD - [2011/03/24 15:41:57 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\asOEHook.dll
MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\5.0.2.1\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.0.2.1\ccSvcHst.exe -- (N360)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/07/03 07:58:05 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 11:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/04 22:01:32 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/05/04 01:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110505.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/04 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/04 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/04 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110505.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/04/30 01:44:12 | 000,802,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/03/14 11:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110504.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/11/30 21:23:59 | 000,330,360 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/11/22 20:08:31 | 000,509,560 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSP.SYS -- (SRTSP)
DRV - [2010/11/22 20:08:31 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/11/17 18:59:55 | 000,652,336 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMEFA.SYS -- (SymEFA)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0500020.001\Ironx86.SYS -- (SymIRON)
DRV - [2010/10/20 18:28:36 | 000,340,016 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0500020.001\SYMDS.SYS -- (SymDS)
DRV - [2008/05/04 02:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 00:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/11/12 04:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 09:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 09:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 09:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0080703
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/05/04 22:02:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/05/04 22:01:01 | 000,000,000 | ---D | M]

[2010/12/18 18:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chl\AppData\Roaming\mozilla\Extensions
[2010/12/18 18:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chl\AppData\Roaming\mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/05/04 20:52:29 | 000,433,906 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14935 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [DW6] File not found
O4 - HKCU..\Run: [Google Update] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.99.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8b01465b-48e2-11dd-90aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b01465b-48e2-11dd-90aa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\StudentWorks.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 15:44:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe
[2011/05/04 22:27:30 | 000,458,096 | ---- | C] (McAfee Inc.) -- C:\Users\Chl\Desktop\MVTInstaller.exe
[2011/05/04 22:27:20 | 008,134,663 | ---- | C] (McAfee Inc.) -- C:\Users\Chl\Desktop\stinger10101546.exe
[2011/05/04 22:01:32 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/04 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/05/04 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/04 22:01:29 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symtdiv.sys
[2011/05/04 22:01:29 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\symnets.sys
[2011/05/04 22:01:28 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.sys
[2011/05/04 22:01:28 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.sys
[2011/05/04 22:01:28 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.sys
[2011/05/04 22:01:28 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\Ironx86.sys
[2011/05/04 22:01:28 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.sys
[2011/05/04 22:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011/05/04 22:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500020.001
[2011/05/04 22:01:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011/05/04 22:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/05/04 22:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/05/04 22:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/05/04 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2011/05/04 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/05/04 21:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/05/04 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/05/04 21:28:37 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Malwarebytes
[2011/05/04 21:28:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/04 21:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/04 21:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 21:28:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/04 21:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/18 18:30:31 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Roaming\Media Player Classic
[2011/04/18 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Chl\AppData\Local\Powercinema

========== Files - Modified Within 30 Days ==========

[2011/05/05 15:44:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chl\Desktop\OTL.exe
[2011/05/05 14:57:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 14:54:29 | 000,000,134 | ---- | M] () -- C:\Users\Chl\Desktop\Internet Explorer Troubleshooting.url
[2011/05/05 14:11:00 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/05 14:11:00 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/05 14:05:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 14:05:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 14:05:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 14:04:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 14:04:17 | 3745,603,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/05 11:34:06 | 000,000,017 | ---- | M] () -- C:\Users\Chl\Desktop\stinger10101546.opt
[2011/05/04 22:27:35 | 000,458,096 | ---- | M] (McAfee Inc.) -- C:\Users\Chl\Desktop\MVTInstaller.exe
[2011/05/04 22:27:20 | 008,134,663 | ---- | M] (McAfee Inc.) -- C:\Users\Chl\Desktop\stinger10101546.exe
[2011/05/04 22:02:20 | 002,076,412 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB
[2011/05/04 22:01:32 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/05/04 22:01:32 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/04 22:01:32 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/04 22:01:30 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/04 21:50:03 | 000,000,843 | ---- | M] () -- C:\Users\Chl\Desktop\Norton Installation Files.lnk
[2011/05/04 21:47:40 | 000,000,814 | ---- | M] () -- C:\Users\Chl\Desktop\SpywareBlaster.lnk
[2011/05/04 21:28:33 | 000,000,932 | ---- | M] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/04 21:28:33 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 20:52:29 | 000,433,906 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/04 20:21:44 | 000,009,264 | -HS- | M] () -- C:\Users\Chl\AppData\Local\i2152v11p7d4sg8
[2011/05/04 20:21:44 | 000,009,264 | -HS- | M] () -- C:\ProgramData\i2152v11p7d4sg8
[2011/05/04 13:49:35 | 000,001,909 | ---- | M] () -- C:\Users\Chl\Desktop\may trades.rtf
[2011/05/04 13:48:54 | 000,002,196 | ---- | M] () -- C:\Users\Chl\Desktop\trades.rtf
[2011/05/02 21:18:10 | 000,000,026 | ---- | M] () -- C:\Users\Chl\Documents\aionmemo_ 63f53d3.dat
[2011/05/01 08:30:18 | 000,000,101 | ---- | M] () -- C:\Users\Chl\Desktop\cPix.ini
[2011/04/29 13:17:01 | 000,088,402 | ---- | M] () -- C:\Users\Chl\Desktop\ffqsmall.png
[2011/04/29 13:02:30 | 000,383,902 | ---- | M] () -- C:\Users\Chl\Desktop\ffq.png
[2011/04/28 12:42:21 | 000,002,296 | ---- | M] () -- C:\Users\Chl\Desktop\lookup.rtf
[2011/04/28 12:15:01 | 000,599,180 | ---- | M] () -- C:\Users\Chl\Desktop\pets.png
[2011/04/27 09:48:22 | 000,116,224 | ---- | M] () -- C:\Users\Chl\Desktop\Career Brochure.pub
[2011/04/27 09:31:06 | 000,010,240 | ---- | M] () -- C:\Users\Chl\Desktop\chloestraitiroquoisessay.wps
[2011/04/27 09:31:06 | 000,004,324 | ---- | M] () -- C:\Users\Chl\AppData\Roaming\wklnhst.dat
[2011/04/23 23:42:41 | 000,122,624 | ---- | M] () -- C:\Users\Chl\Desktop\pac.jpg
[2011/04/23 23:42:29 | 000,147,409 | ---- | M] () -- C:\Users\Chl\Desktop\blue.jpg
[2011/04/18 18:30:08 | 002,079,423 | ---- | M] () -- C:\Users\Chl\Desktop\mplayerc_20100214.zip
[2011/04/11 14:28:50 | 000,004,518 | ---- | M] () -- C:\Users\Chl\.recently-used.xbel

========== Files Created - No Company Name ==========

[2011/05/04 23:00:44 | 000,000,017 | ---- | C] () -- C:\Users\Chl\Desktop\stinger10101546.opt
[2011/05/04 22:17:55 | 000,000,134 | ---- | C] () -- C:\Users\Chl\Desktop\Internet Explorer Troubleshooting.url
[2011/05/04 22:01:38 | 002,076,412 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Cat.DB
[2011/05/04 22:01:32 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/05/04 22:01:32 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/05/04 22:01:30 | 000,002,131 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/04 22:01:03 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\symnetv.cat
[2011/05/04 22:01:03 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\iron.cat
[2011/05/04 22:01:03 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.cat
[2011/05/04 22:01:03 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.cat
[2011/05/04 22:01:03 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.cat
[2011/05/04 22:01:03 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.cat
[2011/05/04 22:01:03 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.cat
[2011/05/04 22:01:03 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymEFA.inf
[2011/05/04 22:01:03 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymDS.inf
[2011/05/04 22:01:03 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNetV.inf
[2011/05/04 22:01:03 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\SymNet.inf
[2011/05/04 22:01:03 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtspx.inf
[2011/05/04 22:01:03 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\srtsp.inf
[2011/05/04 22:01:03 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\Iron.inf
[2011/05/04 22:01:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500020.001\isolate.ini
[2011/05/04 21:50:03 | 000,000,843 | ---- | C] () -- C:\Users\Chl\Desktop\Norton Installation Files.lnk
[2011/05/04 21:47:40 | 000,000,814 | ---- | C] () -- C:\Users\Chl\Desktop\SpywareBlaster.lnk
[2011/05/04 21:28:33 | 000,000,932 | ---- | C] () -- C:\Users\Chl\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/04 21:28:33 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 20:19:37 | 000,009,264 | -HS- | C] () -- C:\Users\Chl\AppData\Local\i2152v11p7d4sg8
[2011/05/04 20:19:37 | 000,009,264 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8
[2011/05/03 18:50:43 | 000,001,909 | ---- | C] () -- C:\Users\Chl\Desktop\may trades.rtf
[2011/04/29 13:17:00 | 000,088,402 | ---- | C] () -- C:\Users\Chl\Desktop\ffqsmall.png
[2011/04/29 13:02:30 | 000,383,902 | ---- | C] () -- C:\Users\Chl\Desktop\ffq.png
[2011/04/28 12:42:21 | 000,002,296 | ---- | C] () -- C:\Users\Chl\Desktop\lookup.rtf
[2011/04/27 09:48:21 | 000,116,224 | ---- | C] () -- C:\Users\Chl\Desktop\Career Brochure.pub
[2011/04/27 09:31:06 | 000,010,240 | ---- | C] () -- C:\Users\Chl\Desktop\chloestraitiroquoisessay.wps
[2011/04/25 19:25:18 | 000,599,180 | ---- | C] () -- C:\Users\Chl\Desktop\pets.png
[2011/04/23 23:42:49 | 000,122,624 | ---- | C] () -- C:\Users\Chl\Desktop\pac.jpg
[2011/04/23 23:42:35 | 000,147,409 | ---- | C] () -- C:\Users\Chl\Desktop\blue.jpg
[2011/04/18 18:29:58 | 002,079,423 | ---- | C] () -- C:\Users\Chl\Desktop\mplayerc_20100214.zip
[2011/04/11 14:28:50 | 000,004,518 | ---- | C] () -- C:\Users\Chl\.recently-used.xbel
[2011/04/09 21:01:09 | 000,002,196 | ---- | C] () -- C:\Users\Chl\Desktop\trades.rtf
[2010/11/16 17:08:47 | 000,002,198 | ---- | C] () -- C:\ProgramData\QuickSet.xml
[2010/07/23 07:53:58 | 000,000,680 | ---- | C] () -- C:\Users\Chl\AppData\Local\d3d9caps.dat
[2009/09/17 16:45:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 16:45:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/24 10:25:56 | 000,004,324 | ---- | C] () -- C:\Users\Chl\AppData\Roaming\wklnhst.dat
[2008/08/24 17:03:11 | 000,052,736 | ---- | C] () -- C:\Users\Chl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/19 09:46:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/03 10:26:39 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/07/03 10:26:39 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/07/03 10:26:39 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/07/03 10:26:39 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/03 10:26:39 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/07/03 10:26:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/03 07:49:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/07/03 07:49:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/03 16:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,280,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/02/12 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\acccore
[2010/07/10 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\GetRightToGo
[2011/04/11 14:28:50 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\gtk-2.0
[2010/12/14 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Sammsoft
[2009/10/06 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Template
[2010/12/18 18:23:24 | 000,000,000 | ---D | M] -- C:\Users\Chl\AppData\Roaming\Vivox
[2011/05/05 14:02:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >