Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

All search engine Redirect

Started by cruise1123 , Jun 25 2011 07:16 PM

  • Please log in to reply

#1
cruise1123
Posted 25 June 2011 - 07:16 PM

cruise1123

    New Member

  • Member
  • Pip
  • 1 posts
I just noticed that my computer has been infected with a redirect virus. I am not exactly sure where and when this happened. I tried system restore, but that did not help. It happenes on all search engines, not just google. Every once in awhile a popup window opens and gives me a search engine/ redirect message. I always close all popups immediately. Please help me fix this problem. I wish I could explain more, but I have been trying to be very cautious lately when using the internet only visiting sites I know the web address for and trying to avoid google and other search engines in fear it will get worse.
Also...not sure if this helps determine what my computer is infected with, but the sound and some videos are not playing properly on the internet... especially youtube. Video plays, sound doesn't. If a webpage has background music it will play, but if a video opens, the sound for the video does not work. I checked and all my devices are working properly.


OTL logfile created on: 6/25/2011 9:03:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\kribeiro\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 55.05% Memory free
3.78 Gb Paging File | 3.25 Gb Available in Paging File | 85.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 134.47 Gb Free Space | 90.22% Space Free | Partition Type: NTFS

Computer Name: HSTBOSXPRIBEIRO | User Name: kribeiro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 21:02:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kribeiro\Desktop\OTL.exe
PRC - [2011/06/23 17:25:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2010/08/25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/08/25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/08/25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/08/25 21:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/08/25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/27 10:33:20 | 000,121,128 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/27 10:32:56 | 001,357,608 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/15 11:24:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
PRC - [2007/12/11 15:15:04 | 000,012,800 | R--- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 21:02:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kribeiro\Desktop\OTL.exe
MOD - [2008/04/13 20:12:51 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/23 17:25:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/08/25 21:07:00 | 000,147,984 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/08/25 21:07:00 | 000,069,192 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/08/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/08/25 21:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/06/12 12:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/05/27 10:32:56 | 001,357,608 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/02/15 11:24:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe -- (EMP_NSWLSV)
SRV - [2007/12/11 15:15:04 | 000,012,800 | R--- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/25 21:07:00 | 000,344,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/25 21:07:00 | 000,091,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/25 21:07:00 | 000,076,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/25 21:07:00 | 000,066,536 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/25 21:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/08/25 21:07:00 | 000,043,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/04 10:31:00 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/07/23 11:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008/06/24 15:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/12 14:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/23 13:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 13:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/14 04:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/14 04:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/04/28 15:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/28 06:14:02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/27 11:42:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/03/27 07:21:34 | 000,030,888 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2008/02/29 19:13:38 | 001,202,560 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/06 06:30:50 | 000,012,712 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/08/13 19:13:44 | 000,019,584 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EP_NSWD.sys -- (Ndisprot)
DRV - [2007/08/13 19:13:42 | 000,006,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EMP_Map.sys -- (EMP_MAP)
DRV - [2007/06/21 04:40:02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 07:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 12:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2005/03/21 04:05:46 | 000,333,620 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.paramus.k12.nj.us/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = https://www.njsmart....ico.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = pathfinder.paramus.k12.nj.us:80



Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKLM\..Trusted Domains: k12.nj.us ([mail2.paramus] http in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKCU\..Trusted Domains: k12.nj.us ([mail2.paramus] http in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PARAMUS.K12.NJ.US
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/22 10:44:35 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 21:02:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kribeiro\Desktop\OTL.exe
[2011/06/23 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/06/23 17:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/23 17:22:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\kribeiro\Recent
[2011/06/23 15:15:00 | 000,000,000 | -H-D | C] -- C:\Quarantine
[2011/06/19 23:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kribeiro\Desktop\fathersday
[2011/06/11 20:36:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/11 20:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 21:02:17 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kribeiro\Desktop\OTL.exe
[2011/06/25 20:28:41 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2011/06/25 15:34:35 | 000,020,540 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\carpet.jpg
[2011/06/25 15:29:19 | 000,029,495 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\house.jpg
[2011/06/25 15:27:23 | 000,001,743 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\carpet.gif
[2011/06/25 15:21:56 | 000,071,813 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\animals.jpg
[2011/06/25 15:21:16 | 000,048,144 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\owl2.jpg
[2011/06/25 15:19:45 | 000,042,959 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\owl.jpg
[2011/06/25 15:06:40 | 000,052,380 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\owltree.jpg
[2011/06/25 14:48:05 | 000,275,570 | ---- | M] () -- C:\Documents and Settings\kribeiro\Desktop\error.jpg
[2011/06/23 18:21:03 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2011/06/23 18:20:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/23 17:25:46 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe
[2011/06/23 17:24:16 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/23 17:14:19 | 000,444,596 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/23 17:14:19 | 000,072,306 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/19 23:23:32 | 001,662,414 | -H-- | M] () -- C:\Documents and Settings\kribeiro\Desktop\Pictures.zip
[2011/06/04 23:12:10 | 000,006,034 | -H-- | M] () -- C:\Documents and Settings\kribeiro\Desktop\FITCAMP.jpg
[2011/06/01 20:58:37 | 005,894,689 | -H-- | M] () -- C:\Documents and Settings\kribeiro\Desktop\AlyssaAJ.JPG
[2011/05/30 23:03:54 | 000,014,601 | -H-- | M] () -- C:\Documents and Settings\kribeiro\Desktop\WLMContacts.csv
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 15:34:46 | 000,020,540 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\carpet.jpg
[2011/06/25 15:28:47 | 000,029,495 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\house.jpg
[2011/06/25 15:27:31 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\carpet.gif
[2011/06/25 15:22:40 | 000,071,813 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\animals.jpg
[2011/06/25 15:21:31 | 000,048,144 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\owl2.jpg
[2011/06/25 15:20:09 | 000,042,959 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\owl.jpg
[2011/06/25 15:07:12 | 000,052,380 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\owltree.jpg
[2011/06/25 14:48:04 | 000,275,570 | ---- | C] () -- C:\Documents and Settings\kribeiro\Desktop\error.jpg
[2011/06/19 23:23:28 | 001,662,414 | -H-- | C] () -- C:\Documents and Settings\kribeiro\Desktop\Pictures.zip
[2011/06/04 23:12:31 | 000,006,034 | -H-- | C] () -- C:\Documents and Settings\kribeiro\Desktop\FITCAMP.jpg
[2011/06/01 20:58:25 | 005,894,689 | -H-- | C] () -- C:\Documents and Settings\kribeiro\Desktop\AlyssaAJ.JPG
[2011/05/30 23:03:50 | 000,014,601 | -H-- | C] () -- C:\Documents and Settings\kribeiro\Desktop\WLMContacts.csv
[2011/01/25 10:00:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\kribeiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 09:43:59 | 000,000,131 | -H-- | C] () -- C:\Documents and Settings\kribeiro\Local Settings\Application Data\fusioncache.dat
[2010/08/12 13:37:15 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/08/12 13:36:38 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.exe
[2009/07/28 07:55:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/24 08:11:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\WGrade7.Ini
[2009/07/23 15:24:29 | 000,006,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMP_Map.sys
[2009/07/22 15:34:54 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009/07/22 13:27:50 | 000,000,049 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/07/22 12:52:35 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/07/22 12:00:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/22 12:00:34 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/22 12:00:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/22 12:00:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/22 12:00:34 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/22 12:00:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/22 11:24:42 | 000,000,280 | -H-- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/07/22 11:07:07 | 000,000,571 | -H-- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2009/07/22 11:02:04 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4973.dll
[2009/07/22 11:02:03 | 001,991,464 | RH-- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/07/22 11:02:03 | 000,432,400 | RH-- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/07/22 10:47:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/22 10:40:27 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/22 06:32:24 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/22 06:30:01 | 000,383,224 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/12 14:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/02/28 08:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,444,596 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,072,306 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 14:55:42 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 14:54:40 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

Edited by cruise1123, 25 June 2011 - 07:26 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP