
Generic.tfr!e (Trojan) Infection?


#1
Prospero
Hello

I have a 4 year old Dell pc with Windows XP SP3.
A McAfee warning box keeps appearing asking me to restart my computer to remove said trojan, obviously this doesn't work.
I therefore checked McAfee security centre where it said it had run a scan a couple of days ago and found 48000 pieces of spyware.
I then ran MBAM in safe mode which detected, quarantined and deleted about 100 pieces of malware.
Nothing seemed to change, so I ran MBAM again and this time it detected about 20 pieces of malware. I did a few more scans, but every time it detected the same 20+ pieces of malware again and again and failed to get rid of them.
I now can't run MBAM for some reason (although I haven't tried it in safe mode again yet).
I also had several boxes appearing telling me that Svchost has encountered a problem and needs to close.
I then tried repairing the operating system which doesn't seem to have helped.
I then ran OTL and have posted the log below, though oddly, when I opened the log it would close after a couple of seconds; it will let me open it in WordPad instead.

I would be very grateful for any help.

OTL logfile created on: 16/07/2011 17:10:02 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

502.07 Mb Total Physical Memory | 234.31 Mb Available Physical Memory | 46.67% Memory free
1.20 Gb Paging File | 0.56 Gb Available in Paging File | 46.67% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.20 Gb Total Space | 5.29 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.36 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 147.91 Gb Free Space | 15.88% Space Free | Partition Type: NTFS

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/16 17:09:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
PRC - [2011/07/10 14:18:27 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe
PRC - [2011/07/10 14:13:57 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe
PRC - [2011/07/10 13:59:24 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe
PRC - [2011/07/02 00:44:43 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/06/29 03:13:56 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\Update.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/04/05 11:50:44 | 001,159,888 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/04/05 11:50:44 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 15:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/07/27 03:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/16 11:24:52 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/16 17:09:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/22 16:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Disabled | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/23 15:21:30 | 000,157,568 | R--- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2010/04/09 15:38:21 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/09 15:38:21 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/04/09 15:38:21 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/23 14:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 14:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 14:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/12 11:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/10/16 11:24:55 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2006/02/10 11:19:12 | 001,107,224 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/12 22:29:38 | 000,013,568 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
DRV - [2006/01/12 22:27:16 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/21 09:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 09:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/24 15:36:18 | 000,010,368 | ---- | M] (FotoNation Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CoachAud.sys -- (CoachAud)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061016
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061016

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061016
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/24 19:41:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/10/11 22:36:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110512191129.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX3600 Series] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\psp\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [U4Q7WMJ6WVZB8] File not found
O4 - HKLM..\Run: [USB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DRProtect] File not found
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\psp\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [SearchIndexer] C:\Documents and Settings\Gill\Application Data\SearchIndexer\svchost.exe ()
O4 - HKCU..\Run: [Software] File not found
O4 - HKCU..\Run: [SystemRev] File not found
O4 - HKCU..\Run: [SystRez] File not found
O4 - HKCU..\Run: [Windows] File not found
O4 - HKCU..\Run: [winupdater] C:\WINDOWS\system32\Update.exe ()
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\29572.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\iexplorer.exe (Microsoft)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe (Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: U4Q7WMJ6WVZB8 = C:\Documents and Settings\\Application Data\QL64NPHF8JC.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\explorer\svchost.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: SearchIndexer = C:\Documents and Settings\\Application Data\SearchIndexer\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: U4Q7WMJ6WVZB8 = C:\Documents and Settings\\Application Data\QL64NPHF8JC.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\explorer\svchost.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photob...?20091016111722 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1254860490875 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/31 18:14:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/16 17:09:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2011/07/16 16:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/07/13 00:15:48 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\\Desktop\mbam-setup-1.51.0.1200 1.exe
[2011/07/12 21:37:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/07/12 21:06:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/07/12 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/07/12 18:04:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/12 18:04:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/12 18:01:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/12 17:57:51 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/12 17:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/07/12 17:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/07/10 14:18:43 | 000,270,336 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe
[2011/07/10 14:14:10 | 000,270,336 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe
[2011/07/10 14:00:26 | 000,270,336 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe
[2011/06/30 15:19:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/29 02:16:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Windupdt
[2011/06/28 20:23:01 | 000,000,000 | ---D | C] -- C:\directory
[2011/06/27 01:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Internet Explorer
[2011/06/27 00:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\SearchIndexer
[2011/06/26 23:38:14 | 000,774,144 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\29572.exe
[2011/06/26 15:24:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2011/06/26 14:53:03 | 202,762,352 | ---- | C] (Sony Creative Software Inc.) -- C:\Documents and Settings\\Desktop\vegaspro100d_32bit.exe
[2011/06/22 19:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Application Data\Nikon
[2011/06/19 20:12:36 | 004,641,624 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R126541.EXE
[2011/06/19 20:08:07 | 001,417,304 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R114566.EXE
[2011/06/19 19:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\\Local Settings\Application Data\realtech_VR
[2011/06/19 19:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\realtech VR
[2011/06/19 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\realtech VR
[2011/06/19 17:40:48 | 004,641,624 | ---- | C] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R126541 DELL (DON'T TOUCH).EXE
[2011/06/19 17:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2011/06/19 16:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/17 03:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Gill\*.tmp files -> C:\Documents and Settings\Gill\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/16 17:09:25 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\\Desktop\OTL.exe
[2011/07/16 17:06:30 | 000,004,799 | -H-- | M] () -- C:\Documents and Settings\\Application Data\cglogs.dat
[2011/07/16 16:43:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/16 16:30:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1925694867-133074732-2442888997-1005UA.job
[2011/07/16 16:22:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/16 16:22:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/16 16:22:36 | 526,536,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/15 18:48:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/15 00:45:42 | 000,016,664 | ---- | M] () -- C:\Documents and Settings\\Application Data\wklnhst.dat
[2011/07/15 00:45:41 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\\My Documents\Reman job.wps
[2011/07/15 00:34:48 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2011/07/15 00:34:48 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2011/07/14 18:30:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1925694867-133074732-2442888997-1005Core.job
[2011/07/13 00:17:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/13 00:15:52 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\\Desktop\mbam-setup-1.51.0.1200 1.exe
[2011/07/12 23:37:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 23:19:53 | 000,444,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/12 23:19:52 | 000,073,244 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/12 23:13:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/12 23:12:20 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 22:49:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/12 21:47:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/07/12 20:17:01 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\\Desktop\Trojan.wps
[2011/07/12 18:09:17 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/07/12 17:59:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/07/12 17:59:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/07/12 17:59:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/12 17:54:37 | 000,034,380 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/07/12 17:54:09 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/07/12 17:51:48 | 000,000,280 | -HS- | M] () -- C:\boot.ini
[2011/07/12 17:43:28 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/07/10 14:18:27 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe
[2011/07/10 14:13:57 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe
[2011/07/10 13:59:24 | 000,270,336 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe
[2011/07/06 13:46:18 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/04 00:08:14 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/07/02 00:45:14 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/07/02 00:45:13 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/06/30 18:43:35 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\\Desktop\setup_av_free.exe
[2011/06/30 15:19:12 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/29 03:29:56 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Ganja157.exe
[2011/06/29 03:27:23 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\\Application Data\Local
[2011/06/29 03:27:20 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Application Data\server21.exe
[2011/06/29 03:13:56 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\Update.exe
[2011/06/26 23:38:00 | 000,774,144 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\29572.exe
[2011/06/26 15:24:42 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 10.0.lnk
[2011/06/26 14:54:56 | 202,762,352 | ---- | M] (Sony Creative Software Inc.) -- C:\Documents and Settings\\Desktop\vegaspro100d_32bit.exe
[2011/06/26 04:12:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\\Desktop\mail.dat
[2011/06/26 04:12:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\\Desktop\mess.dat
[2011/06/26 04:09:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\\Application Data\chrtmp
[2011/06/21 23:06:50 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\\Desktop\Clan names.wps
[2011/06/19 20:15:27 | 000,947,730 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/06/19 20:12:43 | 004,641,624 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R126541.EXE
[2011/06/19 20:08:14 | 001,417,304 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R114566.EXE
[2011/06/19 19:58:24 | 000,412,672 | ---- | M] () -- C:\Documents and Settings\\Desktop\Minecraft.wps
[2011/06/19 19:28:41 | 006,716,066 | ---- | M] () -- C:\Documents and Settings\\Desktop\glview337.exe
[2011/06/19 18:52:03 | 000,270,142 | ---- | M] () -- C:\Documents and Settings\\Desktop\Minecraft.exe
[2011/06/19 18:43:18 | 000,148,418 | ---- | M] () -- C:\Documents and Settings\\Desktop\AQA-PHYA5-A-W-INS-JUN10.pdf
[2011/06/19 17:41:05 | 004,641,624 | ---- | M] (Xceed Software Inc. 1-450-442-2626 [email protected] www.xceedsoft.com) -- C:\Documents and Settings\\Desktop\R126541 DELL (DON'T TOUCH).EXE
[2011/06/19 16:31:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/19 16:11:13 | 000,270,142 | ---- | M] () -- C:\Documents and Settings\\Desktop\Minecraft1.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\\*.tmp files -> C:\Documents and Settings\\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/15 00:03:56 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\\My Documents\Reman job.wps
[2011/07/12 20:16:59 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\\Desktop\Trojan.wps
[2011/07/12 18:10:18 | 526,536,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/12 18:03:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/07/12 18:03:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/12 18:02:51 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/07/12 18:02:50 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/07/12 18:02:48 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/12 18:02:36 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/07/12 18:02:29 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/12 18:01:59 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/07/12 17:38:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/07/12 17:38:42 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2011/07/12 17:38:42 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/07/12 17:38:42 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2011/07/12 17:38:42 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/07/12 17:38:42 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/07/12 17:38:42 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/07/12 17:38:41 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/07/12 17:38:41 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/07/02 00:45:14 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/07/02 00:45:14 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/07/02 00:45:10 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/06/30 18:42:45 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\\Desktop\setup_av_free.exe
[2011/06/29 03:29:56 | 000,503,296 | ---- | C] () -- C:\Documents and Settings\\Ganja157.exe
[2011/06/29 03:27:23 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\\Application Data\Local
[2011/06/29 03:27:19 | 000,503,296 | ---- | C] () -- C:\Documents and Settings\\Application Data\server21.exe
[2011/06/29 03:14:58 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\Update.exe
[2011/06/26 15:24:42 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vegas Pro 10.0.lnk
[2011/06/26 04:09:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Application Data\chrtmp
[2011/06/26 04:02:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Desktop\mail.dat
[2011/06/26 04:02:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\\Desktop\mess.dat
[2011/06/21 02:51:05 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\\Desktop\Clan names.wps
[2011/06/19 19:28:40 | 006,716,066 | ---- | C] () -- C:\Documents and Settings\\Desktop\glview337.exe
[2011/06/19 18:52:02 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\\Desktop\Minecraft.exe
[2011/06/19 18:43:18 | 000,148,418 | ---- | C] () -- C:\Documents and Settings\\Desktop\AQA-PHYA5-A-W-INS-JUN10.pdf
[2011/06/19 16:46:24 | 000,412,672 | ---- | C] () -- C:\Documents and Settings\\Desktop\Minecraft.wps
[2011/06/19 16:11:13 | 000,270,142 | ---- | C] () -- C:\Documents and Settings\\Desktop\Minecraft1.exe
[2011/03/08 17:29:29 | 000,000,265 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini
[2011/03/08 17:28:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2011/03/08 17:28:37 | 000,002,336 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2010/10/20 14:37:21 | 000,002,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/15 14:38:03 | 000,016,664 | ---- | C] () -- C:\Documents and Settings\\Application Data\wklnhst.dat
[2010/01/22 23:45:37 | 000,039,152 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/13 18:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2010/01/13 01:49:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2010/01/13 01:45:27 | 000,005,729 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/01/06 01:53:47 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Tribal Masks
[2010/01/06 01:53:46 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2009/10/11 21:11:33 | 000,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/11 21:11:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/11 21:11:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/11 21:11:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/10 21:58:24 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/06/19 22:31:16 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/12 20:00:23 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/26 20:55:01 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/03/25 20:35:18 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/11/09 23:07:36 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\F1BF6624F3.sys
[2006/10/28 16:41:22 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\\Local Settings\Application Data\fusioncache.dat
[2006/10/22 23:01:40 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/20 21:34:28 | 000,005,852 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/20 21:34:28 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\F32466BFF1.sys
[2006/10/18 19:04:28 | 000,038,028 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/10/18 19:04:28 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/10/18 19:04:27 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/10/18 18:57:07 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE CX3600E.ini
[2006/10/18 18:32:13 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/10/16 11:34:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/10/16 11:27:55 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/16 11:24:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/16 11:22:48 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/10/16 10:57:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/10/16 10:55:49 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/19 22:12:46 | 000,004,799 | -H-- | C] () -- C:\Documents and Settings\Gill\Application Data\cglogs.dat
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 04:38:45 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 04:27:59 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 04:18:33 | 000,444,572 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 04:18:33 | 000,073,244 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 04:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/08 03:16:43 | 000,000,604 | -H-- | C] () -- C:\Documents and Settings\\Application Data\Glog.dat
[2005/03/22 23:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 23:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2000/01/28 00:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe

========== LOP Check ==========

[2010/01/06 01:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Calibrators
[2010/09/18 17:59:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/09/18 18:36:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/09/27 22:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/10/12 00:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2008/03/22 00:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2010/01/06 01:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/02/08 19:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EwisoftWeb
[2010/09/14 17:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/01/13 01:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2006/12/31 18:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2007/06/26 20:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2011/02/09 13:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/10/20 00:28:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2010/05/12 13:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/04/11 17:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/10/07 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/10/18 19:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/01/06 01:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/05/21 23:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2010/07/05 20:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/22 22:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/19 16:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\.minecraft
[2011/05/20 00:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\AnvSoft
[2010/09/27 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Canon
[2010/09/18 18:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Canon Easy-WebPrint EX
[2005/10/23 08:11:36 | 000,000,000 | RHSD | M] -- C:\Documents and Settings\\Application Data\explorer
[2011/02/27 00:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\gtk-2.0
[2011/06/30 18:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Internet Explorer
[2011/06/22 19:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Nikon
[2011/05/21 12:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Opera
[2011/01/09 17:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Publish Providers
[2011/07/09 14:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\SearchIndexer
[2011/06/26 15:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Sony
[2011/03/17 00:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Stykz
[2010/09/15 14:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Template
[2010/10/18 23:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\\Application Data\Toolbar4

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#2
RKinner

    Malware Expert
Uninstall:

Superantispyware so it won't interfere.



Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses


:OTL
O4 - HKLM..\Run: [U4Q7WMJ6WVZB8] File not found
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [DRProtect] File not found
O4 - HKCU..\Run: [SearchIndexer] C:\Documents and Settings\Gill\Application Data\SearchIndexer\svchost.exe ()
O4 - HKCU..\Run: [Software] File not found
O4 - HKCU..\Run: [SystemRev] File not found
O4 - HKCU..\Run: [SystRez] File not found
O4 - HKCU..\Run: [Windows] File not found
O4 - HKCU..\Run: [winupdater] C:\WINDOWS\system32\Update.exe ()
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\29572.exe (Corporation)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\iexplorer.exe (Microsoft)
O4 - Startup: C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe (Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: U4Q7WMJ6WVZB8 = C:\Documents and Settings\\Application Data\QL64NPHF8JC.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\explorer\svchost.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: SearchIndexer = C:\Documents and Settings\\Application Data\SearchIndexer\svchost.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: U4Q7WMJ6WVZB8 = C:\Documents and Settings\\Application Data\QL64NPHF8JC.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\explorer\svchost.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
[2011/06/29 03:29:56 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Ganja157.exe
[2011/06/29 03:27:20 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Application Data\server21.exe
[2011/06/29 03:13:56 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\Update.exe
[2011/06/26 23:38:00 | 000,774,144 | ---- | M] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\29572.exe


:files
C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe
C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe
C:\Documents and Settings\\Start Menu\Programs\Startup\21198.exe
C:\Documents and Settings\Gill\Application Data\SearchIndexer
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C


:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html McAfee is particularly adept at removing portions of Combofix, so you must pause or disable it!


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



aswMBR now has an option to run the Avast anti-virus scan. Avast is much better than McAfee, so it's worth the time to let it do a scan.

Ron
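As an added example (not code from this thread, from OTL, or from OldTimer), the script below parses the file-listing lines of an OTL log like the one in the first post and flags the kinds of entries that the fix script in the reply removes: executables dropped into the per-user Startup folder, executables whose version information carries only the bare company name "Corporation", copies of svchost.exe outside the places it normally lives, and unversioned executables sitting in System32 or directly in a profile root or Application Data root. The rule set, the function names (parse_otl_line, triage, scan_log) and the list of legitimate svchost.exe locations are assumptions made for this example, not OTL features; a hit means "look at this", not "this is malware". The sample lines are copied from the log above, with the user name blanked exactly as it is there.

```python
"""Added example: triage of OTL file-listing lines.

Not code from the thread, from OTL or from OldTimer. The heuristics below are
assumptions made for this example; they approximate what the reply's fix
script targets and are meant as a starting point for review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One OTL file/directory line: "[date | size | attrs | C/M] (Company) -- path".
# Directory lines have no "(Company)" field; files without version info show "()".
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Per-user Startup folder: anything placed here runs at every logon.
STARTUP_EXE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)
# A file directly inside System32 (not in a subfolder).
SYSTEM32_CHILD = re.compile(r"^C:\\WINDOWS\\System32\\[^\\]+$", re.I)
# Where svchost.exe legitimately lives on 32-bit XP (assumption for this example).
KNOWN_SVCHOST = re.compile(
    r"^C:\\WINDOWS\\(?:System32|System32\\dllcache|ServicePackFiles\\i386)\\svchost\.exe$", re.I
)
# An .exe dropped straight into a profile root or its Application Data root.
PROFILE_ROOT_EXE = re.compile(
    r"^C:\\Documents and Settings\\[^\\]*\\(?:Application Data\\)?[^\\]+\.exe$", re.I
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None for directories, "" when the file has no version info
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for any other line."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    company = m.group("company")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company.strip() if company is not None else None,
        path=m.group("path"),
    )


def triage(entry: OtlEntry) -> List[str]:
    """Apply the heuristics to one entry and return the reason codes that fired."""
    reasons: List[str] = []
    is_exe = entry.path.lower().endswith(".exe")
    filename = entry.path.rsplit("\\", 1)[-1].lower()
    if STARTUP_EXE.search(entry.path):
        reasons.append("startup-folder-exe")
    if is_exe and entry.company == "Corporation":
        # Real vendors put their name here; a bare "Corporation" is a placeholder.
        reasons.append("generic-company")
    if filename.endswith("svchost.exe") and not KNOWN_SVCHOST.match(entry.path):
        reasons.append("svchost-outside-system32")
    if is_exe and entry.company == "" and SYSTEM32_CHILD.match(entry.path):
        reasons.append("system32-exe-no-company")
    if is_exe and entry.company == "" and PROFILE_ROOT_EXE.match(entry.path):
        reasons.append("profile-root-exe")
    return reasons


def scan_log(text: str) -> List[Tuple[str, List[str]]]:
    """Scan a whole OTL log; one result per flagged path (Created/Modified dupes collapse)."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None or entry.path in findings:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return list(findings.items())


# Sample input: lines copied from the OTL log in the first post.
SAMPLE_LOG = r"""
[2011/07/12 18:04:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/12 17:57:51 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/07/10 14:18:43 | 000,270,336 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\Run.exe
[2011/07/10 14:14:10 | 000,270,336 | ---- | C] (Corporation) -- C:\Documents and Settings\\Start Menu\Programs\Startup\10-Jul-11-4f0e2b3b7ca6dce-svchost.exe
[2011/06/30 15:19:01 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/29 03:29:56 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Ganja157.exe
[2011/06/29 03:27:20 | 000,503,296 | ---- | M] () -- C:\Documents and Settings\\Application Data\server21.exe
[2011/06/29 03:13:56 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\Update.exe
[2011/06/19 18:52:03 | 000,270,142 | ---- | M] () -- C:\Documents and Settings\\Desktop\Minecraft.exe
[2011/06/29 03:29:56 | 000,503,296 | ---- | C] () -- C:\Documents and Settings\\Ganja157.exe
"""

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG):
        print(f"{path}\n    {', '.join(reasons)}")
```

Run on the sample, the script singles out Run.exe, the svchost.exe in the Startup folder, Ganja157.exe, server21.exe and System32\Update.exe, and leaves the Ricoh driver, the Malwarebytes installer and the Minecraft launcher alone, which is the same set the reply's :files and O4 lines go after. The rules are deliberately narrow so that ordinary desktop downloads do not trip them; widen them only with the false positives of a given machine in mind.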