
Security Tool


#1
Ginger Stone
Hi,

I am running Windows XP on an Acer Notebook. I have been having problems with my computer being slow and freezing during startup and shutdown. Today I uninstalled AVG 2011 because I was told it could be causing problems. After restarting I now have a program called Security Tool running and I cannot get rid of it. It will not allow me to open any program on my computer, as it says that it is infected. I also cannot download any malware/virus removal programs, as the program tells me that they are infected with a Trojan worm. When I click on the Security Tool program I receive a page that wants me to buy the program in order to "remove" the 41 infections on my computer. About every 2 minutes a window pops up asking if I want to remove the infections or continue unprotected. As you can imagine it is very annoying. Except for Firefox, I am locked out of ALL other programs, including trying to click on My Computer. I am not able to post my OTL report; I get "notepad.exe is infected with Trojan-PSW.Win32.Lmir.a. This worm is trying to send your credit card details using notepad.exe to connect remote host." I was able to attach it, so hopefully you will be able to open it. PLEASE HELP!!!! :D

Thank you in advance,
Ginger

Since posting this I have been able to boot the computer in safe mode. I was able to download and install Malwarebytes and run it. After it found 22 infections and asked me to restart, I am not able to reopen Malwarebytes due to a runtime error in rundll. I am also still having to start in safe mode, as normal mode will not allow me to open programs and the SolutionsCenter is still trying to install. I have run another OTL:

OTL logfile created on: 11/12/2010 1:50:46 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Alice\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00003009 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 735.00 Mb Available Physical Memory | 73.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 119.40 Gb Free Space | 82.82% Space Free | Partition Type: NTFS

Computer Name: PETE | User Name: Alice | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 13:50:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
PRC - [2009/08/24 15:15:03 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 13:50:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/06/05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NPF.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2008/08/07 05:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/06 16:54:14 | 000,151,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2008/07/07 20:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 19:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 04:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/24 20:17:10 | 000,225,024 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/04/14 22:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 22:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2008/04/14 22:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2008/04/14 22:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2008/04/14 22:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2008/04/14 22:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2008/04/14 22:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2008/04/14 22:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2008/04/14 22:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2008/04/14 22:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2008/04/14 22:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2008/04/14 22:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2008/04/14 22:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2008/04/14 22:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2008/04/14 22:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2008/04/14 02:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 02:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/02/15 00:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/08 01:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...d=0209&m=aoa150
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 12:56:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/29 10:44:56 | 000,000,000 | ---D | M]

[2009/09/20 18:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Extensions
[2010/11/12 11:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Firefox\Profiles\blz0npkc.default\extensions
[2009/09/20 18:50:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Alice\Application Data\Mozilla\Firefox\Profiles\blz0npkc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/18 11:47:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Alice\Application Data\Mozilla\Firefox\Profiles\blz0npkc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/22 20:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\Mozilla\Firefox\Profiles\blz0npkc.default\extensions\[email protected]
[2010/11/12 11:44:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 13:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/29 10:38:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [M3000Mnt] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (vrlo.kdo) - File not found
O20 - HKLM Winlogon: Shell - (rcujvp) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Alice\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 12:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0cb90d5e-17d2-11de-a5aa-00234e8b7a7f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{e735a5aa-cbe5-11df-a669-00234e8b7a7f}\Shell - "" = AutoRun
O33 - MountPoints2\{e735a5aa-cbe5-11df-a669-00234e8b7a7f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e735a5aa-cbe5-11df-a669-00234e8b7a7f}\Shell\AutoRun\command - "" = D:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 13:50:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
[2010/11/12 13:27:09 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/12 13:25:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/12 13:25:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/12 13:25:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/12 13:25:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/12 13:24:52 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/11/12 13:24:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/12 13:11:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 13:11:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 13:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 11:11:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/11/11 10:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Alice\Application Data\AVG10
[2010/11/11 10:52:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/11 10:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

========== Files - Modified Within 30 Days ==========

[2010/11/12 13:50:36 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alice\Desktop\OTL.exe
[2010/11/12 13:43:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/12 13:32:28 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\flouqi.sys
[2010/11/12 13:27:15 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/12 13:11:28 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 11:23:53 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 11:23:53 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/05 10:40:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/18 19:18:55 | 000,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/10/17 14:15:03 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 18:33:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2010/11/12 13:32:28 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\flouqi.sys
[2010/11/12 13:27:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/12 13:27:12 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/12 13:25:00 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/12 13:25:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/12 13:25:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/12 13:25:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/12 13:25:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/12 13:11:28 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/08 18:53:16 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/02/10 18:51:18 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/15 15:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/15 12:37:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 21:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/05 11:01:02 | 000,151,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\M3000KNT.sys
[2008/04/14 22:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/15 00:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/07/13 10:49:00 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\M3000DIF.dll
[2005/03/28 17:45:26 | 000,000,153 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2003/09/22 09:49:36 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2002/11/22 04:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 04:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 04:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 04:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 04:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 04:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

========== LOP Check ==========

[2010/11/11 10:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\AVG10
[2009/02/12 19:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alice\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/11 10:52:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/11 10:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/29 10:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========



< End of report >

Attached Files

  • OTL.Txt (41.88KB)

Edited by Ginger Stone, 12 November 2010 - 12:54 PM.
