Strange powerful Malware- Help?

#1
fulanito_uk
New Member
1 posts

Hi all,

Having a problem with this malware, which I will explain below:

1. Laptop restarted about 2 hours ago on its own.
2. New icon on the desktop: a gold key with numbers below it (0.8401682077733716); the right-click description is Screen Protector LCD Pro Guard.
3. Will not allow me to run Malware B; in fact, if I type / write it in Explorer or Chrome it closes the web page, so please do not type it in your answers.
4. Will not let me safe-start Windows.
5. I managed to run ComboFix by saving it as combo-fix; however, it gets stuck almost right away on the 1st scan (which can take 10 minutes or double).
6. Running OTL, hoping I can copy a scan here for some help...

This is my business laptop, and while I can use it, I would rather fix this malware before doing any personal/business work on it.

Thanking you!! If you need any more info, please ask...

OTL logfile created on: 10/20/2011 10:00:47 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.96% Memory free
3.84 Gb Paging File | 3.35 Gb Available in Paging File | 87.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 49.07 Gb Total Space | 9.19 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive D: | 6.81 Gb Total Space | 0.70 Gb Free Space | 10.23% Space Free | Partition Type: FAT32

Computer Name: PC296002107085 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\HPQ\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b47e3385\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_bdba4085\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c3c78932\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6cdc823f\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_da2e3303\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_b5f26d08\system.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_7d7b8dad\mscorlib.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\SMINST\Scheduler.exe ()
MOD - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - c:\windows\assembly\gac\sklibrary\1.7.2600.2180__31bf3856ad364e35\sklibrary.dll ()
MOD - c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll ()
MOD - c:\windows\assembly\gac\softkeyboardlogic\1.7.2600.2180__31bf3856ad364e35\softkeyboardlogic.dll ()
MOD - c:\windows\assembly\gac\interop.softkeyboardinterface\1.7.2600.2180__31bf3856ad364e35\interop.softkeyboardinterface.dll ()
MOD - c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (HidServ) -- File not found
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (srosa) -- C:\WINDOWS\system32\wfsintwq.sys ()
DRV - (sK9Ou0s) -- C:\WINDOWS\system32\srosa2.sys ()
DRV - (14563513) -- C:\WINDOWS\system32\drivers\22484659.sys (Kaspersky Lab, GERT)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (WacomISDPen) -- C:\WINDOWS\system32\drivers\wacomisdpen.sys (Wacom Technology)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Cuevana Stream = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\2.0.1_0\

O1 HOSTS File: ([2004/08/04 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.74.121.11 190.160.0.13 200.83.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BD30B0-F9EF-4812-958D-D9BA53CFFF0C}: DhcpNameServer = 200.74.121.11 190.160.0.13 200.83.1.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - (C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll) - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\HP Cityscape Portrait.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Cityscape Portrait.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 21:43:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/20 21:13:11 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\22484659.sys
[2011/10/20 21:00:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/20 20:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/20 20:40:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/10/20 20:40:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/20 19:56:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/20 19:06:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\drivers
[2011/10/20 19:05:33 | 000,860,672 | ---- | C] (Info soft) -- C:\Documents and Settings\Administrator\Desktop\0.8401682077733716.exe
[2011/10/20 14:37:33 | 000,000,000 | ---D | C] -- C:\Scenario
[2011/10/20 14:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/20 06:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Codemasters
[2011/10/20 06:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2011/10/20 04:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\PANZERS - Phase II - Demo (Tunis)
[2011/10/20 04:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\PANZERS - Phase II - Demo (Tunis)
[2011/10/19 20:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2011/10/19 20:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
[2011/10/19 20:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\GameSpy Arcade
[2011/10/19 20:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2011/10/19 20:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games
[2011/10/19 20:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2011/10/19 20:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2011/10/19 20:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MagicDisc
[2011/10/19 20:26:06 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2011/10/19 20:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/10/19 20:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2011/10/19 20:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/10/18 23:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Take2
[2011/10/18 23:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Take2
[2011/10/18 20:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
[2011/10/18 01:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/10/15 22:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MediaMonkey
[2011/10/15 22:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaMonkey
[2011/10/15 22:27:29 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2011/10/09 14:30:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/09 03:15:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2011/10/05 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2011/10/05 21:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Graboid_Inc
[2011/10/05 21:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Graboid
[2011/10/05 21:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Geckofx
[2011/10/05 21:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/10/05 21:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011/10/05 04:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Seetix
[2011/10/05 04:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Omacd
[2011/10/05 04:43:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/10/05 04:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2011/10/04 22:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/04 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/04 22:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/04 22:13:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/04 22:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malw
[2011/09/28 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/09/28 06:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2011/09/28 01:00:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2011/09/28 01:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CutePDF Writer
[2011/09/28 00:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2011/09/28 00:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/09/28 00:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/09/27 01:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\vestido
[2011/09/26 23:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/09/26 23:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/09/26 23:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/09/26 23:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/09/26 23:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/09/26 23:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/09/26 23:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/09/26 23:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/26 23:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/09/26 23:52:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/09/26 15:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2011/09/26 15:50:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/09/26 15:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/09/26 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/09/26 15:26:40 | 000,431,944 | ---- | C] (Yahoo! Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\msgr9us.exe
[2011/09/26 15:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/09/25 15:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/09/25 15:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\WinRAR
[2011/09/25 15:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2011/09/25 15:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/09/24 14:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ds
[2011/09/24 04:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/09/24 04:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/09/24 04:06:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/24 04:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2011/09/24 04:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Virtual City
[2011/09/24 04:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AlawarWrapper
[2011/09/24 04:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/09/24 04:01:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2011/09/24 03:18:26 | 000,000,000 | ---D | C] -- C:\extensions
[2011/09/24 03:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/09/24 03:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2011/09/24 03:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/09/24 03:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2011/09/24 03:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BitTorrent
[2011/09/24 03:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/09/23 23:59:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2011/09/23 23:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/09/23 23:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/09/23 23:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/09/23 23:58:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/09/23 23:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/09/23 23:54:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/09/23 00:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/09/23 00:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2011/09/22 22:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/09/22 22:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/09/22 01:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/09/22 01:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2011/09/22 01:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/22 01:22:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2011/09/22 01:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2011/09/22 01:18:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/09/22 01:14:20 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/09/22 01:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\i386
[2011/09/22 00:55:52 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/09/21 18:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/09/21 18:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/09/21 18:33:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/09/21 18:32:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/09/21 18:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/09/21 18:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/09/21 18:27:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/09/21 18:27:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/09/21 18:19:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/09/21 17:48:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/09/21 17:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/09/21 17:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HpUpdate
[2011/09/21 17:30:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/20 21:53:15 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1046048823-1934067525-16984720-500UA.job
[2011/10/20 21:46:48 | 000,417,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/20 21:46:48 | 000,067,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/20 21:43:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/20 21:42:30 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\srosa2.sys
[2011/10/20 21:41:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/20 21:41:13 | 2138,492,928 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/20 21:41:13 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 21:13:11 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\22484659.sys
[2011/10/20 21:00:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/20 20:53:28 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/20 20:24:41 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MWB.bat.lnk
[2011/10/20 19:06:29 | 000,860,672 | ---- | M] (Info soft) -- C:\Documents and Settings\Administrator\Desktop\0.8401682077733716.exe
[2011/10/20 14:53:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1046048823-1934067525-16984720-500Core.job
[2011/10/20 04:25:28 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PANZERS - Phase II - Demo (Tunis).lnk
[2011/10/19 20:37:23 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2011/10/19 20:37:23 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GameSpy Arcade.lnk
[2011/10/19 20:37:16 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Rise of Nations Gold.lnk
[2011/10/19 20:31:35 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/19 20:28:04 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk
[2011/10/19 20:27:25 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
[2011/10/19 20:26:13 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/10/19 20:26:13 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2011/10/19 00:37:18 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/18 23:11:37 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Play Hidden and Dangerous Deluxe.lnk
[2011/10/18 20:02:38 | 000,000,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/10/18 04:08:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/15 22:27:38 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2011/10/05 21:37:04 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/10/05 13:51:01 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 13:51:00 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/10/03 00:56:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/28 18:40:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/26 15:49:19 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/26 15:49:19 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/09/24 04:03:56 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/24 03:17:27 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/09/24 03:17:27 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/09/22 01:24:08 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/22 01:23:05 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2011/09/22 01:21:28 | 000,001,598 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Compaq tc4200 (PA752AV)_YN_0U_QMXL64207XP_ERS182USABA_46_I0938_SHP_VKBC Version 38.59_B68DTH Ver. F.0F_T071030_WXP2_L409_M2040_J60_7Intel_8Pentium M_91.73_#110922_N14E4167D_(PA752AV)_XMOBILE_CN10_Z.MRK
[2011/09/22 01:20:00 | 000,002,995 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/09/22 01:19:55 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/22 01:19:44 | 000,000,351 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2011/09/22 01:15:57 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/09/22 01:12:55 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/09/21 18:32:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/21 17:50:26 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/20 21:00:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/20 21:00:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/20 19:13:08 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\srosa2.sys
[2011/10/20 04:25:28 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PANZERS - Phase II - Demo (Tunis).lnk
[2011/10/19 20:37:23 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\GameSpy Arcade.lnk
[2011/10/19 20:37:23 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GameSpy Arcade.lnk
[2011/10/19 20:37:16 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rise of Nations Gold.lnk
[2011/10/19 20:28:04 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InterVideo WinDVD.lnk
[2011/10/19 20:27:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/10/19 20:27:56 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/10/19 20:27:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/10/19 20:27:56 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/10/19 20:27:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/10/19 20:27:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/10/19 20:26:13 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
[2011/10/19 20:26:13 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MagicDisc.lnk
[2011/10/18 23:11:37 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Play Hidden and Dangerous Deluxe.lnk
[2011/10/18 20:02:38 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
[2011/10/18 04:12:32 | 2138,492,928 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/15 22:27:38 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2011/10/04 22:13:56 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MWB.bat.lnk
[2011/09/28 13:50:15 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 00:57:07 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/09/26 15:49:19 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/09/26 15:49:19 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/09/24 04:46:16 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/09/24 04:03:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/09/24 03:17:27 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2011/09/24 03:17:27 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2011/09/23 00:44:03 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/09/23 00:44:03 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/23 00:42:02 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1046048823-1934067525-16984720-500UA.job
[2011/09/23 00:42:01 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1046048823-1934067525-16984720-500Core.job
[2011/09/22 22:20:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/22 01:24:08 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/09/22 01:23:05 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2011/09/22 01:21:55 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
[2011/09/22 01:21:22 | 000,001,598 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_NTBK_HP Compaq tc4200 (PA752AV)_YN_0U_QMXL64207XP_ERS182USABA_46_I0938_SHP_VKBC Version 38.59_B68DTH Ver. F.0F_T071030_WXP2_L409_M2040_J60_7Intel_8Pentium M_91.73_#110922_N14E4167D_(PA752AV)_XMOBILE_CN10_Z.MRK
[2011/09/22 01:18:17 | 000,000,351 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Register your Notebook.URL
[2011/09/22 01:15:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/09/22 01:12:55 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/09/21 18:03:06 | 002,063,744 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/09/21 17:50:26 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2011/05/24 12:03:24 | 000,276,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ConduitInstaller.exe
[2011/03/27 20:43:08 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Bloson.exe
[2011/03/21 12:36:30 | 000,026,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\bloson.bmp
[2010/11/13 11:14:46 | 000,062,648 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\toolbar3.bmp
[2010/11/12 11:09:56 | 000,195,108 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lateral3.bmp
[2010/11/12 10:44:14 | 000,193,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lateral1.bmp
[2010/11/12 10:10:58 | 000,193,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\lateral2.bmp
[2007/06/19 02:19:25 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/19 02:18:01 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/27 16:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/01 20:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 14:29:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 14:29:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 14:26:34 | 000,417,008 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 14:26:34 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 14:25:52 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 14:20:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2004/08/07 14:18:36 | 000,331,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 14:13:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 14:08:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 09:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/01 10:39:56 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/05/28 09:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 09:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/05/07 03:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2011/10/20 03:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2011/10/20 19:12:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\drivers
[2011/10/18 22:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/09/22 01:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2011/10/19 20:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011/10/14 16:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Omacd
[2011/10/09 19:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2007/06/19 02:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/10/14 01:37:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Seetix
[2011/09/24 04:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Virtual City
[2011/09/24 04:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2011/09/22 01:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon

========== Purity Check ==========



< End of report >