
Wuauclt.exe virus? Log file attached


#1
sobe19

    New Member

  • Member
  • 1 posts
Hey!

I'm pretty sure I have the wuauclt.exe virus. I looked at other posts on this site and scanned the computer using OTL, but I need an expert opinion. Am I infected?

Thanks in advance!

Attached File: OTL.Txt (45.71KB)

OTL logfile created on: 1/21/2013 9:34:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Sobe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.23% Memory free
3.32 Gb Paging File | 3.17 Gb Available in Paging File | 95.50% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1854F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.38 Gb Total Space | 0.27 Gb Free Space | 0.83% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 83.31 Gb Free Space | 17.89% Space Free | Partition Type: NTFS

Computer Name: MACEWINDU | User Name: Sobe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/21 09:32:48 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTH.scr
PRC - [2013/01/21 09:28:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTL.com


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/11 09:46:07 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2009/05/28 16:26:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2007/02/15 19:56:49 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2007/01/30 17:57:00 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/10/12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/17 15:54:12 | 000,014,336 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2006/02/08 11:24:34 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvmd2k.sys -- (nvmd)
DRV - [2005/08/24 15:24:44 | 001,120,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2002/09/25 12:02:28 | 000,023,392 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbks1x1.sys -- (USBKS1X1)
DRV - [2002/09/25 12:02:28 | 000,015,740 | R--- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2002/09/25 12:02:28 | 000,005,664 | R--- | M] (Doug Fetter Software Wizardry) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbmidim.sys -- (USBMIDIM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 1\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 1\plugins

[2012/11/12 19:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sobe\Application Data\Mozilla\Extensions
[2008/12/29 19:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sobe\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Sobe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Sobe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Sobe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2007/09/17 10:57:42 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {C40B882A-2F78-44A4-A989-6AFEE448FBD1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: magicjack.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: talk4free.com ([reg] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F974C8E-75E7-4E57-ACC3-80B1CDA5B649}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUmkkhi) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/15 12:46:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/30 16:39:34 | 000,000,173 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/09 21:04:51 | 000,006,148 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5c5cdd6e-6ad7-11dc-9be6-000fb0ce74f3}\Shell - "" = AutoRun
O33 - MountPoints2\{5c5cdd6e-6ad7-11dc-9be6-000fb0ce74f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c5cdd6e-6ad7-11dc-9be6-000fb0ce74f3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{66d8b5a2-78d0-11dc-9c1b-000fb0ce74f3}\Shell - "" = AutoRun
O33 - MountPoints2\{66d8b5a2-78d0-11dc-9c1b-000fb0ce74f3}\Shell\Auto\command - "" = Cn911.exe
O33 - MountPoints2\{66d8b5a2-78d0-11dc-9c1b-000fb0ce74f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{66d8b5a2-78d0-11dc-9c1b-000fb0ce74f3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
O33 - MountPoints2\{682fe5b5-887d-11dc-9c61-000fb0ce74f3}\Shell - "" = AutoRun
O33 - MountPoints2\{682fe5b5-887d-11dc-9c61-000fb0ce74f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{682fe5b5-887d-11dc-9c61-000fb0ce74f3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a58b95f7-7058-11dc-9bf8-000fb0ce74f3}\Shell\AutoRun\command - "" = E:\LinksysConnectPC.exe
O33 - MountPoints2\{e5b62898-8bb0-11d8-9efb-000fb0ce74f3}\Shell - "" = AutoRun
O33 - MountPoints2\{e5b62898-8bb0-11d8-9efb-000fb0ce74f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5b62898-8bb0-11d8-9efb-000fb0ce74f3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e5b62899-8bb0-11d8-9efb-000fb0ce74f3}\Shell - "" = AutoRun
O33 - MountPoints2\{e5b62899-8bb0-11d8-9efb-000fb0ce74f3}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O33 - MountPoints2\{e5b62899-8bb0-11d8-9efb-000fb0ce74f3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5b62899-8bb0-11d8-9efb-000fb0ce74f3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
O33 - MountPoints2\{f849066e-94f1-11df-a461-000fb0ce74f3}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MyPasswords.exe
O33 - MountPoints2\F\Shell\open\command - "" = F:\MyPasswords.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 09:32:48 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTH.scr
[2013/01/21 09:30:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTL.exe
[2013/01/21 09:28:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTL.com
[2013/01/21 07:53:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/01/20 16:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
[2013/01/20 04:27:44 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmm.dll
[2013/01/19 10:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sobe\Start Menu\Programs\Revo Uninstaller
[2013/01/19 10:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/19 09:03:55 | 011,858,568 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Sobe\Desktop\AppRemover.exe
[2013/01/05 15:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Sobe\My Documents\*.tmp files -> C:\Documents and Settings\Sobe\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/21 09:34:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 09:32:48 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTH.scr
[2013/01/21 09:30:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTL.exe
[2013/01/21 09:28:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sobe\Desktop\OTL.com
[2013/01/21 09:13:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/21 09:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Establishment Files.job
[2013/01/21 08:57:15 | 000,437,102 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/21 08:57:15 | 000,069,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/21 08:46:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/21 07:35:15 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Sobe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/21 07:35:14 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\Sobe\Desktop\Google Chrome.lnk
[2013/01/21 07:34:44 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 07:33:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/20 14:07:03 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2013/01/19 15:53:12 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/19 10:47:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Sobe\Desktop\Revo Uninstaller.lnk
[2013/01/19 09:21:40 | 000,000,009 | ---- | M] () -- C:\END
[2013/01/19 09:03:10 | 011,858,568 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Sobe\Desktop\AppRemover.exe
[2013/01/17 15:22:45 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Sobe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 00:01:22 | 000,013,690 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/06 00:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Sobe\My Documents\*.tmp files -> C:\Documents and Settings\Sobe\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/19 10:47:59 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Sobe\Desktop\Revo Uninstaller.lnk
[2013/01/19 09:04:50 | 000,000,009 | ---- | C] () -- C:\END
[2013/01/19 07:50:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/03 16:22:18 | 014,284,213 | ---- | C] () -- C:\Documents and Settings\Sobe\Desktop\193049114X.pdf
[2012/07/07 07:31:35 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/23 10:32:13 | 008,673,792 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/04/27 13:50:29 | 000,015,752 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4247901167
[2010/04/27 11:40:10 | 000,015,736 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3T1g8RnkU
[2007/11/26 18:25:24 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Sobe\Application Data\$_hpcst$.hpc
[2007/09/21 21:23:26 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/09/19 20:14:10 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Sobe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/05/23 15:46:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5

< End of report >

#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go, sobe19,

Not seeing any outright infection. Before we go further, are you experiencing any problems you feel need correcting?