Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Persistant Malware - Help Remove Plz

Started by CP_Dub , Mar 01 2012 10:41 AM

  • Please log in to reply

#1
CP_Dub
Posted 01 March 2012 - 10:41 AM

CP_Dub

    New Member

  • Member
  • Pip
  • 1 posts
A previous employee enjoyed surfing questionable sites here at work. We have tried running MBAM, Superantispyware, ComboFix and nothing seems to fully resolve the problem. Firefox closes on it's own, we receive java debug errors and random files show up with names such as "certfilequeue.exe" and reappear under another name after being deleted. Please help, this infection is stubborn.



OTL logfile created on: 3/1/2012 10:27:16 AM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Shipping\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.09% Memory free
4.22 Gb Paging File | 3.13 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.32 Gb Total Space | 72.71 Gb Free Space | 54.13% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.74 Gb Free Space | 93.79% Space Free | Partition Type: NTFS

Computer Name: SHIPPING-PC | User Name: Shipping | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shipping\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{95F2D55D-5B3B-41C0-A59A-70B728CEE32A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADBR_enUS321
IE - HKCU\..\SearchScopes\{95F2D55D-5B3B-41C0-A59A-70B728CEE32A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/USREL/1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/21 10:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/22 13:13:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F2B2889F-1C82-4C99-B243-43CE3394A61F}: C:\Users\Shipping\AppData\Local\{F2B2889F-1C82-4C99-B243-43CE3394A61F}

[2011/09/29 09:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipping\AppData\Roaming\Mozilla\Extensions
[2012/01/12 09:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shipping\AppData\Roaming\Mozilla\Firefox\Profiles\q306nxxh.default\extensions
[2012/03/01 09:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/01 09:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SHIPPING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q306NXXH.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
[2012/02/22 13:13:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/22 13:13:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/22 13:13:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/01 09:45:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [*evtsrescpl.exe] C:\Users\Shipping\evtsrescpl.exe (My© Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://ladygaga.fanc...geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUplden-us.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.92.1.6 192.168.2.254 208.40.1.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2787EE9-8EF5-460D-AF18-215EE479BD7C}: DhcpNameServer = 168.92.1.6 192.168.2.254 208.40.1.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Shipping\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Shipping\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/01 09:54:23 | 000,085,504 | ---- | C] (My© Systems) -- C:\Users\Shipping\evtsrescpl.exe
[2012/03/01 09:47:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/01 09:47:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/01 09:31:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/01 09:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/01 09:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/01 08:17:05 | 000,000,000 | ---D | C] -- C:\Users\Shipping\AppData\Roaming\Malwarebytes
[2012/02/23 09:35:12 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/02/23 09:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/02/23 09:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/02/23 09:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/23 09:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/02/23 09:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/02/23 09:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/02/23 08:56:34 | 000,000,000 | --SD | C] -- C:\Users\Shipping\Documents\My Data Sources
[2012/02/03 11:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/03 11:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/03 11:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/01 10:24:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 10:24:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 10:15:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/01 09:59:07 | 000,608,356 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/01 09:59:07 | 000,107,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/01 09:54:23 | 000,085,504 | ---- | M] (My© Systems) -- C:\Users\Shipping\evtsrescpl.exe
[2012/03/01 09:54:20 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/03/01 09:54:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/01 09:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 09:53:49 | 2135,916,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/01 09:45:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/01 09:18:44 | 000,000,768 | ---- | M] () -- C:\Windows\System32\FOXUSER.FPT
[2012/03/01 08:16:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 23:22:10 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C055A8D3-B8EA-4012-8186-0049F0015DF0}.job
[2012/02/29 15:25:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/02/29 15:25:46 | 000,000,000 | ---- | M] () -- C:\Users\Shipping\AppData\Roaming\Perl
[2012/02/29 15:25:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\Percussion Kit
[2012/02/29 15:24:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\PKP_DLdw.DAT
[2012/02/29 15:24:24 | 000,000,000 | ---- | M] () -- C:\Users\Shipping\AppData\Roaming\Piano
[2012/02/29 15:24:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\Phaser
[2012/02/23 09:36:47 | 000,000,938 | ---- | M] () -- C:\Users\Shipping\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/23 09:34:36 | 000,000,715 | ---- | M] () -- C:\Users\Shipping\Desktop\Settings.ini
[2012/02/23 09:32:35 | 000,379,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/03 11:44:09 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/03/01 08:16:59 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 15:25:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\Percussion Kit
[2012/02/29 15:24:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\Phaser
[2012/02/23 09:36:47 | 000,000,938 | ---- | C] () -- C:\Users\Shipping\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/02/23 09:35:12 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/02/23 09:34:36 | 000,000,715 | ---- | C] () -- C:\Users\Shipping\Desktop\Settings.ini
[2012/02/03 11:44:09 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/09/02 08:12:42 | 000,000,120 | ---- | C] () -- C:\Users\Shipping\AppData\Local\Smecip.dat
[2011/09/02 08:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Shipping\AppData\Local\Otumozanij.bin
[2011/01/20 14:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Shipping\AppData\Local\TEMPoutput.dat
[2010/11/22 08:28:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/22 08:28:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/22 08:28:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/22 08:28:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/22 08:28:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

========== LOP Check ==========

[2012/03/01 09:54:20 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/03/01 09:52:58 | 000,028,812 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/29 23:22:10 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C055A8D3-B8EA-4012-8186-0049F0015DF0}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP