This one is a little more benign. A couple of days ago, it seemed to restart my computer a couple of times with the error message that Windows had "stopped Generic Host Processes for Win32 services." I ran McAfee and got rid of something called "dialer 182". The restarting seems to have stopped, but I'm still getting Google redirects.
Malwarebytes seemed to find nothing. I don't know if I still need to post the log, but I will anyway. OTL log here too. For some reason, I can't seem to get GMER to run. It's given me a blue screen once and locked up my computer another time. I'm going to go ahead and post this. Perhaps it will be enough. I'll try again with GMER.
OTL logfile created on: 1/22/2010 11:31:32 AM - Run 1
OTL by OldTimer - Version 3.1.25.4 Folder = F:\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.00 Mb Total Physical Memory | 121.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.58 Gb Total Space | 14.62 Gb Free Space | 36.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 34.89 Gb Total Space | 13.24 Gb Free Space | 37.95% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 49.39 Gb Total Space | 49.19 Gb Free Space | 99.60% Space Free | Partition Type: NTFS
Computer Name: LORIN
Current User Name: Lorin Kee
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/22 11:28:17 | 00,547,840 | ---- | M] (OldTimer Tools) -- F:\My Documents\Downloads\OTL.exe
PRC - [2010/01/21 01:24:00 | 00,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/03 08:18:00 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/09 11:02:28 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/06/09 11:02:28 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/09 11:01:32 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/27 17:03:46 | 00,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe
PRC - [2008/07/23 08:44:16 | 00,065,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\piserv.exe
PRC - [2008/05/16 10:55:50 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/06/13 04:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 01:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2003/10/31 12:38:50 | 00,442,368 | ---- | M] (Home) -- C:\Program Files\Desktop Calendar\Desktop Calendar.exe
PRC - [2001/09/25 05:00:52 | 00,061,440 | ---- | M] (GEAR Software) -- C:\WINDOWS\SYSTEM32\GEARSEC.EXE
========== Modules (SafeList) ==========
MOD - [2010/01/22 11:28:17 | 00,547,840 | ---- | M] (OldTimer Tools) -- F:\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 09:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/01/06 10:16:57 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/06/09 11:01:32 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/24 08:24:46 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/27 17:03:46 | 00,759,072 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\CE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Corporate.9.0)
SRV - [2008/07/23 08:44:16 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\piserv.exe -- (piserv)
SRV - [2008/02/04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/01/15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/08/01 10:04:08 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/13 06:35:12 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\SYSTEM32\nwwks.dll -- (NWCWorkstation)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001/09/25 05:00:52 | 00,061,440 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\SYSTEM32\GEARSEC.EXE -- (GEARSecurity)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2004/05/24 11:58:35 | 00,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [2chkdsk] C:\WINDOWS\qopmkk.DLL File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysinter] C:\WINDOWS\System32\adirss.exe File not found
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKCU..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe (Home)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Lorin Kee\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://www.qoolaid.c...4/installer.exe (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwbe.ops.pl...quicksilver.cab (Quicksilver Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...76/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://mapg.fmd.emor...ll/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1195229523468 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....02/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...CAB?38019.41375 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlonte...2ie06041001.cab (Reg Error: Key error.)
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} http://download.abac...abasetup150.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.50
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\xartcd5: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: G:\My Documents\My Pictures\Alex_&_Annie_desktop2.jpg
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - C:\Program Files\Trend Micro\Tmas\sshook.dll File not found
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 13:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6998f302-e40e-11de-91f0-000d56c7f721}\Shell - "" = AutoRun
O33 - MountPoints2\{6998f302-e40e-11de-91f0-000d56c7f721}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6998f302-e40e-11de-91f0-000d56c7f721}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2004/05/06 15:04:02 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - C:\WINDOWS\SYSTEM32\nwwks.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454841580224512)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/22 11:13:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/01/21 16:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 16:19:14 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/14 09:06:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Kropotkin, Peter – The Conquest of bread
[2010/01/14 09:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MISC interviews
[2010/01/07 08:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/06 10:17:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/08/04 14:15:21 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Program Files\GraphEdt.exe
[2007/03/20 14:12:01 | 01,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJT_v2.exe
[2007/03/12 07:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ApplicationHistory
[2007/03/12 07:08:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/03/12 07:08:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2004/09/01 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Kinko's
[2004/08/26 13:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/03/26 08:03:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/01/29 08:17:14 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/01/29 08:17:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/01/22 11:35:00 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{14A6C3C5-8BB7-4B40-B717-8BBCE1CCF62C}.job
[2010/01/22 11:24:13 | 00,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2607827360-3859404851-2139719069-1006UA.job
[2010/01/22 11:23:53 | 00,002,322 | ---- | M] () -- C:\Documents and Settings\Lorin Kee\Desktop\Google Chrome.lnk
[2010/01/22 11:22:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/22 11:18:18 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/01/22 11:15:16 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/22 11:14:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 11:14:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/22 11:14:42 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 10:21:58 | 14,155,776 | ---- | M] () -- C:\Documents and Settings\Lorin Kee\ntuser.bak
[2010/01/22 08:23:03 | 00,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2607827360-3859404851-2139719069-1006Core.job
[2010/01/21 14:33:57 | 13,930,496 | ---- | M] () -- C:\Documents and Settings\Lorin Kee\ntuser.dat
[2010/01/21 14:31:05 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Lorin Kee\NTUSER.INI
[2010/01/21 14:29:24 | 00,000,735 | ---- | M] () -- C:\WINDOWS\MIR.INI
[2010/01/21 14:22:46 | 00,011,572 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/01/21 09:20:50 | 02,988,032 | ---- | M] () -- C:\Documents and Settings\Lorin Kee\My Documents\McAfee virt tech.msi
[2010/01/18 08:03:47 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/18 04:37:00 | 01,426,898 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\univers.zip
[2010/01/15 13:54:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/15 13:53:53 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/01/15 13:53:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/14 14:05:56 | 00,000,520 | ---- | M] () -- C:\WINDOWS\System32\asfxt.dng
[2010/01/08 11:58:56 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/01/21 14:33:55 | 13,930,496 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\ntuser.dat
[2010/01/21 09:35:35 | 02,988,032 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\My Documents\McAfee virt tech.msi
[2010/01/18 04:37:00 | 01,426,898 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\univers.zip
[2010/01/15 13:53:53 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/01/15 13:53:52 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/01/04 15:04:08 | 00,007,358 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/15 10:58:17 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2009/12/15 10:27:51 | 00,000,884 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2009/12/14 10:13:23 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Application Data\PFP110JPR.{PB
[2009/12/14 10:13:23 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Application Data\PFP110JCM.{PB
[2008/08/05 07:36:44 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/08/04 15:33:46 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/02/15 10:03:15 | 00,006,925 | ---- | C] () -- C:\WINDOWS\System32\LANGMONI.DLL
[2007/07/12 07:08:23 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/05/16 07:53:48 | 00,000,083 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/04/22 18:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 18:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/20 14:12:29 | 00,008,865 | ---- | C] () -- C:\Program Files\hijackthis.log
[2007/03/20 13:37:38 | 01,176,153 | -HS- | C] () -- C:\WINDOWS\kkmpoq.ini
[2007/03/20 09:19:25 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\zlbw.dll
[2007/03/19 15:40:59 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\fontqxet.dll
[2007/03/19 14:40:52 | 00,000,013 | ---- | C] () -- C:\WINDOWS\System32\rasqervy.dll
[2007/03/19 14:40:51 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\sdfinacs.dll
[2007/03/19 14:33:50 | 00,000,115 | ---- | C] () -- C:\WINDOWS\System32\wuasirvy.dll
[2007/03/19 14:33:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\xartcd7.sys
[2007/03/19 10:46:31 | 01,176,624 | -HS- | C] () -- C:\WINDOWS\cbeddd.ini
[2007/03/12 07:08:14 | 00,000,135 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\fusioncache.dat
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/08/23 08:18:13 | 00,001,390 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/04 08:28:24 | 00,000,039 | ---- | C] () -- C:\WINDOWS\KeplerAstrology.INI
[2006/07/07 11:18:46 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/07/07 08:15:33 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Application Data\internaldb41.dat
[2006/07/07 08:15:10 | 00,000,226 | ---- | C] () -- C:\WINDOWS\em06y.ini
[2006/06/07 07:30:44 | 00,000,735 | ---- | C] () -- C:\WINDOWS\MIR.INI
[2005/08/18 07:44:19 | 00,002,150 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/08/18 07:31:02 | 00,000,045 | ---- | C] () -- C:\WINDOWS\CJJFNIIM.ini
[2005/08/17 15:24:13 | 00,000,434 | ---- | C] () -- C:\WINDOWS\rryet.dll
[2005/07/14 11:31:20 | 00,027,648 | RHS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/06/21 21:37:42 | 00,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/06/03 10:29:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2005/06/03 09:30:27 | 00,000,308 | ---- | C] () -- C:\WINDOWS\apdfpr.ini
[2005/06/03 09:25:58 | 00,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2005/02/23 08:11:01 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/02/03 11:27:49 | 00,468,480 | ---- | C] () -- C:\WINDOWS\System32\NMDll.dll
[2005/02/03 11:27:49 | 00,020,480 | ---- | C] () -- C:\WINDOWS\yhl.dll
[2005/02/03 11:27:49 | 00,007,168 | ---- | C] () -- C:\WINDOWS\lq.dll
[2005/01/03 09:16:57 | 00,651,264 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/01/03 09:16:57 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/09/07 08:34:51 | 00,012,972 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Application Data\Tab Separated Values (Windows).CAL
[2004/09/07 08:16:57 | 00,012,976 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Application Data\Microsoft Excel.CAL
[2004/08/31 08:40:43 | 00,000,026 | ---- | C] () -- C:\WINDOWS\FPKPMSV.INI
[2004/07/30 07:36:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2004/06/21 11:01:09 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Lorin Kee.ini
[2004/06/11 12:20:41 | 00,000,029 | ---- | C] () -- C:\WINDOWS\AudACM.ini
[2004/06/11 08:10:14 | 00,000,633 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2004/05/14 07:40:21 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2004/05/03 08:07:37 | 00,000,044 | ---- | C] () -- C:\WINDOWS\A35W.INI
[2004/03/05 11:32:29 | 00,011,572 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/02/10 14:09:32 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\fusioncache.dat
[2004/02/09 15:17:14 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2004/02/03 12:20:54 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\Lorin Kee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/02 15:04:40 | 00,000,052 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/02/02 14:15:15 | 00,000,063 | ---- | C] () -- C:\WINDOWS\PXROBO_B.INI
[2004/02/02 12:56:46 | 00,006,915 | ---- | C] () -- C:\WINDOWS\System32\LANGMON.DLL
[2004/02/02 08:11:01 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2004/01/30 16:51:25 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/29 08:51:27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/29 08:43:10 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/29 08:41:03 | 00,000,233 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/29 08:29:29 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/29 08:18:44 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/15 07:01:26 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/10/16 15:50:50 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2002/08/29 05:00:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2000/11/29 09:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/09/25 00:35:00 | 00,000,543 | ---- | C] () -- C:\WINDOWS\SUPMINI.INI
[1998/04/28 00:35:00 | 00,001,824 | ---- | C] () -- C:\WINDOWS\AS6E32.INI
[1997/12/09 00:35:00 | 00,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\AS6EIO.SYS
========== LOP Check ==========
[2009/12/15 10:27:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2005/09/22 10:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2008/02/15 10:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PTI
[2008/10/29 08:31:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/05/22 14:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\.ABC
[2006/04/04 13:35:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\.BitTornado
[2006/03/21 10:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\.bittorrent
[2006/06/09 09:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Aladdin Systems
[2009/04/09 07:51:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\BitTorrent
[2008/09/02 15:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\DNA
[2005/12/13 14:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Downloaded Installations
[2010/01/15 16:50:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\FileZilla
[2008/09/16 11:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\GetRightToGo
[2007/05/16 07:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\ICAClient
[2004/08/31 08:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Kinko's
[2004/02/17 12:25:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Leadertech
[2006/01/06 15:39:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Netscape
[2007/11/16 14:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\OfficeUpdate12
[2009/05/22 15:32:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Opera
[2009/06/09 11:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Orbit
[2005/09/22 10:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\PACE Anti-Piracy
[2006/12/11 08:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\Snapfish
[2008/08/04 15:03:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\SolidDocuments
[2009/05/26 15:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\TotalRecorder
[2010/01/19 09:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\uTorrent
[2004/12/04 17:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lorin Kee\Application Data\WeatherBug
[2008/05/15 00:32:43 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/22 11:35:00 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{14A6C3C5-8BB7-4B40-B717-8BBCE1CCF62C}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/26 13:33:08 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2004/08/26 13:33:08 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS
[2001/08/17 13:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 05:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/08/26 13:33:08 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2004/08/26 13:33:08 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002/10/01 07:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\pebuilder3110a\bart PE2\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/01/21 05:30:02 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2010/01/21 05:30:02 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys
[2003/04/23 09:29:54 | 00,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\netlogon.dll
[2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2002/10/01 07:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\pebuilder3110a\bart PE2\I386\SYSTEM32\NETLOGON.DLL
[2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SYSTEM32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SYSTEM32\scecli.dll
[2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2002/10/01 07:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\pebuilder3110a\bart PE2\I386\SYSTEM32\SCECLI.DLL
[2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 978 bytes -> C:\Documents and Settings\Lorin Kee\Cookies:EITYfK1eUbPFBq54xkO
@Alternate Data Stream - 948 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:JCIZSfo3QXqFpApKKJrh
@Alternate Data Stream - 881 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:9pkYBqb67Ea0dpcmLd53f
< End of report >
Malwarebytes' Anti-Malware 1.44
Database version: 3611
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11
1/22/2010 10:15:23 AM
mbam-log-2010-01-22 (10-15-23).txt
Scan type: Full Scan (C:\|)
Objects scanned: 204227
Time elapsed: 1 hour(s), 59 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)