
Trojan Kazy.27226.7


bovine1

Hello and thanks in advance. Avira identified this on my computer but can't remove it. Malwarebytes can't either. Here's my OTL log:

OTL logfile created on: 6/24/2011 6:09:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Ron\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.10 Mb Total Physical Memory | 369.86 Mb Available Physical Memory | 41.32% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 134.05 Gb Total Space | 112.46 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: ACER-42041E6643 | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/24 18:09:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron\My Documents\Downloads\OTL.exe
PRC - [2011/06/24 18:05:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ron\My Documents\Downloads\HijackThis(1).exe
PRC - [2011/06/24 10:34:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/23 18:49:19 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\capesnpn32.exe
PRC - [2011/06/23 18:49:16 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\sti32.exe
PRC - [2011/06/23 18:49:16 | 000,565,248 | ---- | M] () -- C:\WINDOWS\system32\basesrv32.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/05/15 01:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2008/12/18 14:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/12/18 14:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/24 18:09:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ron\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/06/23 18:49:19 | 000,565,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\capesnpn32.exe -- (xmlprov32)
SRV - [2011/06/23 18:49:16 | 000,565,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\sti32.exe -- (Themes32)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/15 01:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2008/12/18 14:05:40 | 000,457,248 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/12/18 14:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)


========== Driver Services (SafeList) ==========

DRV - [2011/06/24 18:01:40 | 000,190,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/22 10:37:50 | 005,082,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/22 02:43:56 | 000,046,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/12/02 13:52:00 | 000,058,800 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/02 13:52:00 | 000,017,840 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/02 13:52:00 | 000,015,280 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/11/12 04:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/24 14:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/05 07:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/31 22:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/07/31 22:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/04 02:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=aspire_r1600
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 B1 F9 12 8E 0A 19 48 B1 D9 1C 61 AA 0A B3 C8 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 10:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 13:02:56 | 000,000,000 | ---D | M]

[2010/01/20 20:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ron\Application Data\Mozilla\Extensions
[2011/06/24 10:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\extensions
[2010/02/12 07:23:19 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2011/06/24 13:05:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\extensions\{5a29fdbe-2bdd-4b62-b2c6-b585fff9e03e}
[2011/02/06 08:55:04 | 000,000,000 | ---D | M] (PriceBlink) -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\extensions\[email protected]
[2011/06/17 19:07:26 | 000,001,941 | ---- | M] () -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\searchplugins\goodsearch.xml
[2010/03/15 20:20:15 | 000,010,025 | ---- | M] () -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\searchplugins\mywebsearch.xml
[2010/11/09 10:09:24 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Ron\Application Data\Mozilla\Firefox\Profiles\8ievowf2.default\searchplugins\startpage-https.xml
[2011/04/04 10:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8IEVOWF2.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\8IEVOWF2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010/01/23 20:05:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/01/20 21:05:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/24 10:34:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {12F9B175-0A8E-4819-B1D9-1C61AA0AB3C8} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/12 20:00:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fad10664-951b-11df-8b74-b48932a21c0b}\Shell\AutoRun\command - "" = D:\Setup_FlipShare.exe
O33 - MountPoints2\{fad10664-951b-11df-8b74-b48932a21c0b}\Shell\Setup FlipShare\command - "" = D:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/24 18:01:41 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/24 18:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\log
[2011/06/24 14:36:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron\Recent
[2011/06/24 12:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/24 12:38:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/18 07:58:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/12 20:44:50 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ron\Desktop\*.tmp files -> C:\Documents and Settings\Ron\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ron\*.tmp files -> C:\Documents and Settings\Ron\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/24 18:06:49 | 000,433,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/24 18:06:49 | 000,067,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/24 18:02:34 | 000,234,676 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/06/24 18:02:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/24 18:02:21 | 938,655,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 18:01:40 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/06/24 17:30:53 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\housecall.guid.cache
[2011/06/24 17:11:30 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\1823184306
[2011/06/24 14:37:52 | 000,014,200 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\cc_20110624_143736.reg
[2011/06/23 18:49:19 | 000,565,248 | ---- | M] () -- C:\WINDOWS\System32\capesnpn32.exe
[2011/06/23 18:49:16 | 000,565,248 | ---- | M] () -- C:\WINDOWS\System32\sti32.exe
[2011/06/23 18:49:16 | 000,565,248 | ---- | M] () -- C:\WINDOWS\System32\basesrv32.exe
[2011/06/20 13:02:57 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/17 19:58:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/09 07:40:18 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/30 17:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ron\Desktop\*.tmp files -> C:\Documents and Settings\Ron\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ron\*.tmp files -> C:\Documents and Settings\Ron\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 17:30:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\housecall.guid.cache
[2011/06/24 14:39:17 | 938,655,744 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/24 14:37:41 | 000,014,200 | ---- | C] () -- C:\Documents and Settings\Ron\My Documents\cc_20110624_143736.reg
[2011/06/23 18:49:21 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\capesnpn32.exe
[2011/06/23 18:49:21 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\basesrv32.exe
[2011/06/23 18:49:19 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\sti32.exe
[2011/06/23 18:49:19 | 000,000,095 | ---- | C] () -- C:\WINDOWS\System32\1823184306
[2011/01/25 20:42:43 | 000,079,024 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
[2011/01/25 20:42:43 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
[2010/05/17 20:44:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\wklnhst.dat
[2010/05/11 13:41:31 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 19:27:03 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/01/30 12:54:03 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/01/28 18:27:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 20:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/07 11:44:27 | 000,077,901 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2010/01/07 11:44:27 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009/08/12 21:21:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/08/12 20:45:15 | 001,580,382 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/12 20:44:50 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe
[2009/08/12 20:44:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/12 20:44:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/08/12 20:44:28 | 000,433,698 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/12 20:44:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/08/12 20:44:28 | 000,067,984 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/12 20:44:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/08/12 20:44:28 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/08/12 20:44:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/08/12 20:44:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/08/12 20:44:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/08/12 20:44:19 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/08/12 20:44:17 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/08/12 20:08:23 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/08/12 20:03:42 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2009/08/12 20:03:42 | 000,006,999 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/08/12 20:02:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/12 19:58:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/12 19:57:48 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/08/12 12:55:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/12 12:54:45 | 000,249,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/24 16:06:46 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/05/24 16:06:46 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/05/24 16:06:46 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/05/24 16:06:44 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/24 16:06:44 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/24 16:06:44 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/24 16:06:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F880DE59
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:5D7E5A8F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F3176E45
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:4CF61E54
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:798A3728
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:AB689DEA

< End of report >