Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

DriverScanner Malware Changed File Extensions [Closed]

Started by brianmoran , Apr 11 2013 04:04 AM

  • This topic is locked This topic is locked

#1
brianmoran
Posted 11 April 2013 - 04:04 AM

brianmoran

    New Member

  • Member
  • Pip
  • 1 posts
Hi There,

Machine became infected with DriverScanner malware, now I cannot run exe files and all file associations seems to have been removed.
Here is my OTL log: Would be grateful if you could help.

OTL logfile created on: 4/11/2013 8:20:29 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 83.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 84.42 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2013/04/09 22:38:40 | 000,107,520 | ---- | M] () [Auto] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/03/13 16:58:18 | 000,080,224 | ---- | M] (SafeApp Software, LLC) [Auto] -- C:\Program Files\Disk Cleaner\DiskCleanerService.exe -- (Disk Cleaner Service)
SRV - [2013/03/08 00:50:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/11/29 03:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Mal_warebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 15:42:24 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/12/06 20:25:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/07 18:22:10 | 000,150,064 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2007/10/07 18:22:10 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2007/10/07 18:21:50 | 000,109,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2007/03/22 19:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
SRV - [2007/01/18 20:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006/07/14 12:43:26 | 000,534,040 | ---- | M] (PDF Complete Inc) [Auto] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2006/05/11 12:40:06 | 000,358,008 | ---- | M] (Protection Technology (StarForce)) [Auto] -- C:\WINDOWS\System32\sfrem02.exe -- (sfrem02) FrontLine Drivers Auto Removal (v2)
SRV - [2002/10/18 15:04:10 | 000,101,136 | ---- | M] () [On_Demand] -- C:\ora60\BIN\ONRSD80.EXE -- (OracleClientCache80)
SRV - [2002/04/30 00:23:46 | 000,057,603 | ---- | M] (Oracle Corporation) [Auto] -- C:\ora92\bin\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2002/04/26 04:34:38 | 000,242,328 | ---- | M] () [On_Demand] -- C:\ora92\bin\ONRSD.EXE -- (OracleORA92ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Boot] -- -- (svahgwnj)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/11/29 03:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/06/17 01:49:22 | 004,756,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 10:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/21 07:34:38 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/10/07 18:22:48 | 000,924,976 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2007/10/07 18:22:48 | 000,034,864 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2007/10/07 18:22:46 | 000,025,008 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2007/10/07 18:22:46 | 000,020,912 | ---- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2007/10/07 18:22:16 | 000,015,920 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2007/10/07 17:31:30 | 000,028,592 | R--- | M] (VMware, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2007/10/07 17:31:30 | 000,016,816 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2007/10/07 17:31:28 | 000,030,768 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2007/06/28 20:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/03/22 19:03:00 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto] -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
DRV - [2006/12/13 02:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/23 00:03:48 | 000,081,152 | ---- | M] (Cmotech Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmusbnet.sys -- (cmusbnet) WAN Driver @ 3GPP (6280)
DRV - [2006/10/15 09:58:36 | 000,472,832 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2006/09/11 07:57:56 | 000,067,960 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv02.sys -- (sfdrv02) FrontLine Environment Driver (v2)
DRV - [2006/07/28 20:20:28 | 000,043,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/06/14 13:12:13 | 000,078,184 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/06/05 07:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/04/04 17:20:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/12/10 20:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/03/09 17:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/08/03 20:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 20:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 20:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 20:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 20:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 20:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 20:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 20:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 20:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 20:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 20:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 20:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 20:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 20:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 20:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\Sarah_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\Sarah_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sarah_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{965E66B8-F358-46FE-9EE6-AFAE932B568D}: C:\Documents and Settings\Sarah\Local Settings\Application Data\{965E66B8-F358-46FE-9EE6-AFAE932B568D} [2010/03/26 05:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 00:50:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/08 00:50:19 | 000,000,000 | ---D | M]

[2013/03/08 00:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 00:50:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/22 23:59:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/20 08:44:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2007/02/11 18:29:34 | 000,000,775 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 192.168.0.10 wport
O1 - Hosts: 192.168.0.7 wport5
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Sarah\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Sarah_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [D-Link AirPlus XtremeG DWL-G520] C:\Program Files\D-Link\AirPlus XtremeG DWL-G520\AirPlusCFG.exe (D-Link)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Mal_warebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SDMSSplash] C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\Sarah_ON_C..\Run: [Disk Cleaner] C:\Program Files\Disk Cleaner\DiskCleaner.Exe (SafeApp Software, LLC)
O4 - HKU\Sarah_ON_C..\Run: [Yontoo Desktop] C:\Documents and Settings\Sarah\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Telstra Turbo Modem Manager.lnk = C:\Program Files\Telstra\Telstra Turbo Modem Manager\Service\MdmMgr.exe (TODO: <Company name>)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Sarah_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\dcsws2.dll (DiamondCS)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.11
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - File not found
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/12 01:53:00 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/04/11 04:35:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/11 04:34:47 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/11 04:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/11 04:34:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/11 04:34:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/11 04:34:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/11 04:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2013/04/09 22:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Uniblue
[2013/04/09 22:43:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/04/09 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2013/04/09 22:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2013/04/09 22:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2013/04/09 22:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2013/04/09 22:42:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IETldCache
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\Yontoo
[2013/04/09 22:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disk Cleaner
[2013/04/09 22:39:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/04/09 22:39:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/04/09 22:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/04/09 22:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\Uniblue
[2013/04/09 22:38:39 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Cleaner
[2013/04/09 22:38:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab
[2013/04/09 22:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/09 22:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/03/20 16:16:38 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 16:16:38 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/13 16:58:10 | 000,389,120 | ---- | C] (SafeApp Software, LLC) -- C:\WINDOWS\System32\DiskCleanerLM.ocx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/11 05:05:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/11 04:38:53 | 000,579,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/11 04:38:53 | 000,115,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/11 04:35:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/11 04:34:56 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/04/11 04:33:08 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/04/11 04:33:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/04/10 18:59:41 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 18:54:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 18:39:03 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2013/04/10 18:28:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-168272666-3280425979-916354177-1011UA.job
[2013/04/10 06:28:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-168272666-3280425979-916354177-1011Core.job
[2013/04/09 22:43:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/09 22:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2013/04/09 22:40:49 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Disk Cleaner.lnk
[2013/04/09 22:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Disk Cleaner
[2013/04/09 22:39:53 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2013/04/09 22:39:52 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/04/09 22:39:50 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Sarah\ntuser.pol
[2013/04/09 22:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2013/04/06 07:05:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/04/05 05:06:43 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Microsoft Office Word 2003.lnk
[2013/03/28 10:29:17 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/28 10:29:17 | 000,002,290 | ---- | M] () -- C:\Documents and Settings\Sarah\Desktop\Google Chrome.lnk
[2013/03/13 16:58:10 | 000,389,120 | ---- | M] (SafeApp Software, LLC) -- C:\WINDOWS\System32\DiskCleanerLM.ocx
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/11 04:34:56 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/04/11 04:34:47 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/11 04:34:47 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/11 04:34:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/11 04:34:47 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2013/04/11 04:34:47 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/04/11 04:34:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/09 22:46:16 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2013/04/09 22:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/04/09 22:41:24 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\dsmonitor.job
[2013/04/09 22:40:49 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Disk Cleaner.lnk
[2013/04/09 22:39:53 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2013/04/09 22:39:52 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/04/09 22:39:50 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Sarah\ntuser.pol
[2012/10/06 02:45:38 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F30135828D.sys
[2012/10/06 02:42:59 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2012/08/14 05:04:03 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\fusioncache.dat
[2012/08/14 04:59:20 | 000,109,823 | ---- | C] () -- C:\WINDOWS\hppins02.dat.temp
[2012/08/14 04:59:20 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat.temp
[2012/06/25 03:54:24 | 000,128,756 | ---- | C] () -- C:\WINDOWS\hppins02.dat
[2012/06/25 03:54:24 | 000,001,883 | ---- | C] () -- C:\WINDOWS\hppmdl02.dat
[2012/06/25 03:54:09 | 000,000,392 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2012/06/25 03:53:48 | 000,001,189 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2012/06/25 03:51:40 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DLL
[2012/06/25 03:51:40 | 000,000,630 | ---- | C] () -- C:\WINDOWS\System32\HPPCPR01.DAT
[2012/02/16 03:24:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/08 03:33:30 | 000,001,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\HDACfg.dat
[2010/10/12 22:31:07 | 000,001,648 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010/05/23 10:06:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/04/14 13:02:59 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/26 05:40:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ulecoqafaripe.dat
[2010/03/26 05:40:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jqemakizaxi.bin
[2010/03/26 05:36:25 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\jasltw.dat
[2009/11/10 00:02:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/11 05:51:11 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2009/06/07 01:36:40 | 000,093,310 | ---- | C] () -- C:\WINDOWS\News Rover Uninstaller.exe
[2009/05/29 23:42:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2009/03/24 02:36:32 | 000,074,752 | ---- | C] () -- C:\Documents and Settings\Sarah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 20:01:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2008/11/01 22:44:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/02/14 18:15:48 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008/02/14 18:15:47 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008/02/14 18:15:30 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2008/02/14 18:15:29 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008/02/14 18:15:29 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008/02/14 18:15:29 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/11/29 18:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/11/28 17:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/11/26 17:37:58 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/11/08 17:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/11/06 23:29:21 | 000,000,702 | ---- | C] () -- C:\WINDOWS\NewsRover.INI
[2007/06/28 20:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/05/01 03:01:46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2007/05/01 03:01:46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/02/12 19:20:25 | 000,000,311 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/02/08 01:56:08 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\voicestub.dll
[2007/02/05 18:49:45 | 000,000,229 | ---- | C] () -- C:\WINDOWS\SoxModem.INI
[2007/02/05 18:49:37 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\SoxMan.dll
[2007/02/01 19:31:05 | 000,001,204 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2007/02/01 19:28:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2007/01/04 00:43:07 | 000,000,480 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/03 23:34:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/03 23:30:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/01/03 23:19:35 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/01/03 23:19:35 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/01/03 23:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/01/03 23:16:19 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/01/03 23:16:19 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/01/03 23:16:18 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/03 23:16:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/01/03 23:09:10 | 000,000,720 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/12/13 22:09:54 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2006/07/02 19:59:57 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2006/05/16 09:54:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 20:43:56 | 000,579,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 20:43:56 | 000,115,566 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 20:39:48 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 20:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 20:27:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/11/29 20:28:45 | 000,254,464 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT2X.DLL
[2003/01/07 01:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/17 16:30:26 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/17 16:30:26 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/17 16:15:40 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/07/21 17:36:50 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/07/21 17:36:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/07/06 14:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/03/27 22:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[1999/07/29 18:24:34 | 000,000,218 | ---- | C] () -- C:\WINDOWS\oraodbc.ini

========== LOP Check ==========

[2013/04/08 05:36:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Sarah\Application Data\.#
[2009/12/05 02:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Azureus
[2013/04/09 22:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\DefaultTab
[2010/04/13 10:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Facebook
[2010/08/29 05:31:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\GameTuts
[2010/08/29 05:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Mael
[2009/11/08 10:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Moyea
[2009/09/18 00:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\MSNInstaller
[2010/05/23 10:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Orbit
[2013/03/04 05:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\TeraCopy
[2013/04/09 22:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Uniblue
[2011/04/20 00:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\uTorrent
[2011/02/20 23:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\WindSolutions
[2013/04/10 18:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Yontoo
[2013/04/09 22:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2009/12/05 00:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/11/23 06:47:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/04/09 22:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disk Cleaner
[2007/12/09 19:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewsBin
[2007/11/26 17:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/12/20 22:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2013/04/09 22:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2008/11/01 22:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/04/09 22:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2011/02/20 23:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/12/26 01:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/11 04:33:08 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2013/04/11 04:33:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\dsmonitor.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\WINDOWS\System32\sapregsv.exe:CA_INOCULATEIT
@Alternate Data Stream - 512 bytes -> C:\oraxp.bat:CA_INOCULATEIT
< End of report >
  • 0

Advertisements

#2
Buddierdl
Posted 11 April 2013 - 07:35 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello brianmoran :) and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently reviewing your log and will post some instructions soon.

Did you have to boot to OTLPE to get the scan? Will OTL not run in Normal boot or Safe Mode?

Could you please try running this version, download here.
  • 0

#3
Buddierdl
Posted 15 April 2013 - 07:17 AM

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP