Virus Unknown - from link (tekenburo-welling.nl) Continued



Post by sibob50 on Sat 18 Jun 2011, 4:41 am


This is a continuation of my Post 1.

[2005/02/17 21:03:04 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\MPEGAVMM.DLL
[2005/02/17 21:03:04 | 000,217,600 | ---- | C] () -- C:\WINDOWS\System32\MPEGAV32.DLL
[2005/02/17 21:03:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\CDROM32.DLL
[2005/02/17 19:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2005/02/17 19:38:03 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/17 13:00:37 | 000,004,410 | ---- | C] () -- C:\WINDOWS\AnyDVD-uninst.ini
[2005/02/16 14:35:46 | 000,000,247 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2005/02/16 14:31:34 | 000,001,300 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/02/16 14:31:34 | 000,000,333 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/02/16 13:06:03 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/02/16 12:59:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/02/16 12:53:55 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/02/09 00:49:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/02/09 00:21:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/02/09 00:01:39 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/02/08 23:57:37 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/08 23:41:59 | 011,010,048 | ---- | C] () -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\NTUSER.bak
[2005/02/08 23:41:26 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.bak
[2005/02/08 23:41:26 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.bak
[2005/02/08 23:40:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/02/08 23:22:20 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/02/08 22:48:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/11/25 21:41:49 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SPARKEY.DLL
[2003/09/30 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/09/30 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/09/30 20:00:00 | 000,460,724 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/09/30 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/09/30 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/09/30 20:00:00 | 000,079,742 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/09/30 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/09/30 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/09/30 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/09/30 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/30 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/05/07 01:11:58 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/02 16:58:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/02 16:57:11 | 000,150,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/02 07:00:10 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2002/03/19 17:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
[2002/01/14 22:36:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[1999/12/29 16:55:04 | 000,003,201 | ---- | C] () -- C:\WINDOWS\System32\drivers\Winflash.SYS
[1999/03/17 15:25:54 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\qpmctree.dll
[1998/06/23 14:13:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WBCDFLSH.DLL
[1997/11/03 19:38:44 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\qpmcb63.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/03/20 14:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\AD ON Multimedia
[2005/02/21 16:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\APC
[2010/10/14 11:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\AVG10
[2011/05/09 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\BSD
[2006/10/06 16:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\COWON
[2008/12/03 21:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\Desktop Maestro
[2011/04/29 18:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\ElevatedDiagnostics
[2011/05/09 10:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\GetRightToGo
[2009/03/12 14:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\InfraRecorder
[2005/03/15 15:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\Leadertech
[2005/09/13 15:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\Musicmatch
[2006/04/20 21:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\NCH Swift Sound
[2011/05/09 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\OpenCandy
[2008/10/20 22:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\OpenOffice.org
[2006/05/29 16:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\OverDrive
[2006/05/22 19:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\PC Magazine Utilities
[2011/03/02 14:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\r2 Studios
[2006/04/20 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\RecordPad
[2008/11/11 18:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\Registry Booster
[2006/06/20 16:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\Simple Star
[2009/06/17 18:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\The Blocks Company, LLC
[2010/04/22 11:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Application Data\TomTom
[2011/01/27 22:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2010/10/14 11:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2011/01/18 18:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG10
[2010/10/14 11:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2011/05/09 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BSD
[2010/10/14 11:44:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2009/12/01 12:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Epson
[2007/06/13 16:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fidelity Investments
[2011/03/02 14:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\FileCure
[2005/05/12 18:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hagel Technologies
[2008/08/21 16:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2011/03/25 18:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Memorex Mirror for Photos
[2011/01/25 17:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2006/04/20 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
[2010/02/20 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OrbNetworks
[2009/11/19 18:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2010/11/05 15:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
[2011/03/02 14:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\r2 Studios
[2009/12/15 18:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Retrospect
[2010/12/01 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2010/12/18 19:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Soluto
[2010/05/21 18:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2010/04/23 17:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TomTom
[2005/02/16 13:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %APPDATA%\Microsoft\*.*

< %systemroot%\system32\config\systemprofile\*.dat /x >
[1 C:\WINDOWS\system32\config\systemprofile\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

Invalid Environment Variable: %USERPROFILE%\Desktop\*.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

Invalid Environment Variable: %USERPROFILE%\My Documents\*.exe

Invalid Environment Variable: %USERPROFILE%\*.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2011/01/21 10:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2008/12/04 19:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\123 Free Solitaire
[2009/03/12 13:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2011/05/20 09:50:37 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2005/08/22 22:06:43 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Type Manager
[2006/11/15 19:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced RAM Recovery
[2008/08/26 21:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/01/27 22:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2006/01/09 15:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\AOpen
[2007/10/30 18:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/10/11 17:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2007/03/06 18:27:53 | 000,000,000 | ---D | M] -- C:\Program Files\ASUSTeK
[2007/01/23 17:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\Atomic Clock Sync
[2008/08/14 18:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2007/01/29 19:45:07 | 000,000,000 | ---D | M] -- C:\Program Files\Audio Converter
[2005/11/22 20:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\Audio Files GDS Indexer
[2011/01/31 21:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\AudioLabel
[2010/10/14 11:34:30 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2003/01/02 01:23:24 | 000,000,000 | ---D | M] -- C:\Program Files\AvRack
[2010/11/15 19:46:23 | 000,000,000 | ---D | M] -- C:\Program Files\Blackjack StatWiz
[2011/02/17 10:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/12/01 17:43:09 | 000,000,000 | ---D | M] -- C:\Program Files\Browny02
[2005/02/21 18:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2006/01/14 17:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Casino
[2010/10/01 18:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/04/28 16:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDTrustee
[2006/07/06 18:18:48 | 000,000,000 | ---D | M] -- C:\Program Files\Citi Virtual Account Numbers
[2011/05/20 09:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/01/24 22:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/11/13 19:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2005/02/05 19:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2005/02/17 21:40:59 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/03/25 19:53:43 | 000,000,000 | ---D | M] -- C:\Program Files\Dan Elwell's Broadband Speed Test
[2005/10/20 18:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\Dantz
[2010/08/17 13:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Defraggler
[2008/12/04 09:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\Desktop Maestro
[2006/11/16 13:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2008/08/26 21:10:26 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2005/01/25 00:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\Elaborate Bytes
[2005/02/18 19:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/01 15:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
[2010/12/18 18:42:26 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2011/01/14 11:29:46 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/03/20 14:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Exact Audio Copy
[2005/05/12 18:23:42 | 000,000,000 | ---D | M] -- C:\Program Files\Executive Software
[2005/02/17 19:47:53 | 000,000,000 | ---D | M] -- C:\Program Files\FarStone
[2009/12/11 17:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2005/02/28 15:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Fidelity Investments
[2009/12/11 17:32:29 | 000,000,000 | ---D | M] -- C:\Program Files\FLVCodec
[2010/01/29 15:23:01 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2006/01/09 18:55:31 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2005/08/30 16:15:27 | 000,000,000 | ---D | M] -- C:\Program Files\ImageServer
[2009/03/12 13:58:32 | 000,000,000 | ---D | M] -- C:\Program Files\InfraRecorder
[2011/01/18 16:27:47 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/04/01 17:15:06 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/13 23:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/10/30 19:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/04/28 18:08:35 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2006/06/20 15:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductibleEX
[2007/10/30 19:28:42 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/05/07 11:00:54 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/10/20 22:34:59 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/12/11 17:38:09 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2008/12/04 19:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Lame
[2009/03/30 22:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2011/01/18 16:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2011/03/25 18:47:04 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex
[2011/01/26 13:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/12/29 13:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall
[2005/01/25 00:16:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/03/03 12:00:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2005/01/24 22:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/04/02 16:26:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Money 2006
[2005/01/25 00:15:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/22 14:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/05/07 19:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2005/04/15 18:28:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2006/08/18 17:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Motherboard Monitor 5
[2011/01/26 12:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/08/17 23:36:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2005/01/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2005/01/24 22:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/08/27 00:01:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/08/17 23:30:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2005/02/21 19:14:07 | 000,000,000 | ---D | M] -- C:\Program Files\Multi-Media Keyboard
[2007/10/11 17:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\Musicmatch
[2006/05/19 14:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\MVReader
[2009/08/21 17:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2007/01/29 17:23:55 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/08/26 21:54:51 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2011/01/26 11:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2005/02/21 14:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/12/31 13:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/12/04 19:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\NoteTab Light
[2010/12/01 17:38:29 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2007/01/23 17:13:53 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeUpdate11
[2005/01/24 22:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/10/20 22:34:56 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2011/01/26 12:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/06 15:34:39 | 000,000,000 | ---D | M] -- C:\Program Files\OverDrive Media Console
[2009/12/15 11:11:34 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2008/04/08 18:32:32 | 000,000,000 | ---D | M] -- C:\Program Files\PassAlong
[2009/11/19 18:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2011/05/17 22:22:15 | 000,000,000 | ---D | M] -- C:\Program Files\Pfscan 2
[2005/08/22 22:01:27 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoParade
[2005/12/01 23:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoStreamer
[2011/01/28 13:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2006/06/22 11:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Pure Networks
[2011/05/05 07:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Pwrchute
[2011/05/19 18:22:05 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken09
[2007/10/30 19:28:01 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/03/02 14:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\r2 Studios
[2009/12/14 17:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\RadioGet
[2005/03/16 21:43:15 | 000,000,000 | ---D | M] -- C:\Program Files\Ratajik Software
[2005/02/16 13:03:04 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2011/05/09 09:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2003/10/26 23:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek Sound Manager
[2009/08/17 23:35:50 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/12/04 09:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/12/14 16:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Media Catcher
[2009/12/14 15:50:34 | 000,000,000 | ---D | M] -- C:\Program Files\Replay Video Capture
[2005/02/23 15:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2005/02/17 16:28:18 | 000,000,000 | ---D | M] -- C:\Program Files\Siber Systems
[2005/01/25 00:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\SlySoft
[2009/12/14 17:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\SoundTaxi Media Suite
[2011/06/16 19:14:54 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2005/02/18 12:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\SSA
[2011/04/27 18:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2008/07/01 18:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2011/05/09 10:30:13 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2005/03/04 19:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\TextBridge Pro 9.0
[2010/04/23 17:12:15 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2010/04/22 11:35:53 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom HOME 2
[2010/04/22 11:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2005/02/24 21:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2010/11/05 15:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\TweakNow RegCleaner Std
[2006/06/07 17:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2007/03/05 20:58:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/02/03 00:19:14 | 000,000,000 | ---D | M] -- C:\Program Files\Usability Sciences
[2005/02/21 12:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\V92Modem
[2011/05/17 22:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\VectorVest
[2011/01/25 11:39:06 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2005/02/16 13:04:49 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2007/09/17 15:51:32 | 000,000,000 | ---D | M] -- C:\Program Files\WebIQ
[2011/05/16 18:31:01 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2011/05/09 10:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Detect
[2011/01/27 13:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Remote
[2008/02/22 19:33:23 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp Toolbar
[2010/02/19 10:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp WINAMPONLY
[2011/01/26 11:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/01/26 11:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/01/25 00:28:49 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/11 17:31:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2005/02/08 23:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/12/08 21:42:11 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Disk Cleaner
[2011/03/14 21:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\Wise Registry Cleaner 3
[2005/06/16 17:50:29 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/03/02 14:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\XP-TunerPRO
[2011/03/02 14:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\YCIII
[2005/01/25 00:24:46 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs


< MD5 for: AGP440.SYS >
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/02/09 01:04:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/09/30 20:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/02/09 01:04:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2003/09/30 20:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2005/02/09 01:04:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:disk.sys
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< CREATERESTOREPOINT >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-14 03:16:26

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\AMERIC~1.0\aol.exe [1999/09/06 08:45:40 | 000,024,576 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/09/30 20:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\AMERIC~1.0\aol.exe [1999/09/06 08:45:40 | 000,024,576 | ---- | M] (America Online, Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/09/30 20:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Desktop\Shortcut to BJ.pif:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Admin.ADMIN-PUVGJ3MTW\Desktop\BlackJack.pif:SummaryInformation
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0D786AE3
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
< End of report >

sibob50

Unborn

Posts : 4
Joined : 2011-06-18
Operating System : xp


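The `< MD5 for: ... >` blocks in the log above list every copy of a boot-critical driver that OTL could find (the driver cache and service-pack .cab members, the ServicePackFiles cache, the $NtServicePackUninstall$ backup, and the copy actually loaded from system32\drivers) together with the MD5 of each, so a helper can see at a glance whether the live driver agrees with a cached copy. The following Python script is an added example, not part of the original post and not OTL's own code: it parses those blocks, picks out the live copy and the ServicePackFiles copy, and reports whether their hashes agree. The ATAPI.SYS and DISK.SYS sample lines are copied from the posted log; the EXAMPLE.SYS block, its file name and its hashes are constructed for the demonstration so that a mismatch is visible.

```python
import re
from collections import defaultdict

# Sample OTL output for the demonstration. The ATAPI.SYS and DISK.SYS blocks are
# copied from the posted log; the EXAMPLE.SYS block is constructed (hypothetical
# file name and hashes) so that the mismatch branch is exercised.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2011/01/25 13:27:36 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2011/06/01 10:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\drivers\example.sys
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# One OTL file line: [mtime | size | attrs | kind] (vendor) [MD5=...] [.cab file] -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>[A-Z])\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32}) )?"
    r"(?:\.cab file )?"
    r"-- (?P<path>.+)$"
)
# The copy Windows actually loads: system32\<file> or system32\drivers\<file> with
# nothing else in between, so system32\ReinstallBackups\... is not treated as live.
LIVE_RE = re.compile(r"\\system32\\(?:drivers\\)?[^\\]+$", re.IGNORECASE)
# The service-pack cache copy that the live file is compared against.
REF_RE = re.compile(r"\\ServicePackFiles\\i386\\[^\\]+$", re.IGNORECASE)


def parse_md5_sections(text):
    """Return {'ATAPI.SYS': [entry, ...], ...} for every '< MD5 for: X >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):              # any '< ... >' line starts a new scan
            m = SECTION_RE.match(line)
            current = m.group("name").upper() if m else None
            continue
        if current is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # not a file line; ignore it
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper() if entry["md5"] else None  # .cab members carry no hash
        sections[current].append(entry)
    return dict(sections)


def check_live_copy(name, entries):
    """Compare the live copy's MD5 with the ServicePackFiles copy for one file."""
    hashed = [e for e in entries if e["md5"]]
    live = [e for e in hashed if LIVE_RE.search(e["path"])]
    refs = [e for e in hashed if REF_RE.search(e["path"])]
    variants = defaultdict(list)              # md5 -> every path that carries it
    for e in hashed:
        variants[e["md5"]].append(e["path"])
    result = {"file": name, "variants": dict(variants),
              "live_md5": live[0]["md5"] if live else None,
              "reference_md5": sorted({r["md5"] for r in refs})}
    if not live:
        result["status"] = "no-live-copy"
    elif not refs:
        result["status"] = "no-reference"
    elif result["live_md5"] in result["reference_md5"]:
        result["status"] = "match"
    else:
        result["status"] = "MISMATCH"
    return result


def audit_md5_sections(text):
    """Run the live-versus-cache comparison over every MD5 block in an OTL log."""
    return [check_live_copy(n, es) for n, es in parse_md5_sections(text).items()]


if __name__ == "__main__":
    for r in audit_md5_sections(SAMPLE_LOG):
        print(f"{r['file']:<12} {r['status']:<13} live={r['live_md5']} sp={r['reference_md5']}")
        if r["status"] == "MISMATCH":
            for md5, paths in r["variants"].items():
                print(f"    {md5}: {', '.join(paths)}")
```

Run it against a full OTL log (replace `SAMPLE_LOG` with the file contents) and it will print one line per driver, with every distinct hash and its locations listed under any mismatch. Read the result carefully: a match only says that the loaded driver and the service-pack cache copy agree, which is what the helpers look for, but it does not by itself prove either copy is clean, so a suspicious hash should still be checked against an independent reference for that file version.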

Re: Virus Unknown - from link (tekenburo-welling.nl) Continued

Post by Sneakyone on Tue 21 Jun 2011, 2:53 pm

Hi,

Your log is cut off. Please post the entire log.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


