  #8  
Old June 16th, 2013, 05:33 PM
dr_ledger dr_ledger is offline
[2013/06/15 14:47:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 14:27:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2013/06/15 14:16:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 13:34:25 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 13:34:25 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 13:26:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 13:26:55 | 000,000,576 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/06/15 13:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 13:25:25 | 3018,661,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 12:31:25 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001UA.job
[2013/06/07 18:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001Core.job
[2013/06/07 17:27:20 | 000,005,296 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg
[2013/06/07 17:03:51 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/06/07 16:47:28 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCharles.job
[2013/06/05 15:13:36 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/06/04 16:33:49 | 000,875,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 16:33:49 | 000,729,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 16:33:49 | 000,145,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/03 12:10:17 | 000,001,773 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/06/02 12:56:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 12:55:33 | 000,002,932 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg
[2013/06/02 08:35:30 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/06/02 08:35:30 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2013/06/01 18:59:00 | 000,256,519 | ---- | M] () -- C:\Users\Charles\Desktop\20130307131643378.pdf
[2013/05/27 09:25:53 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/05/27 09:25:06 | 000,002,169 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2013/05/21 07:20:02 | 000,210,944 | ---- | M] () -- C:\Users\Charles\Documents\Bayer.db
[2013/05/18 18:26:39 | 000,004,572 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130518_182635.reg
[2013/05/18 18:06:12 | 000,096,348 | ---- | M] () -- C:\Users\Charles\Desktop\safe sanctuary scan.RTF
[2013/05/18 17:06:46 | 000,224,862 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2013/05/18 17:06:10 | 002,130,808 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/05/17 20:51:44 | 000,022,247 | ---- | M] () -- C:\Qdata.QSD
[2013/05/17 20:51:36 | 001,381,744 | ---- | M] () -- C:\Qdata.QDF
[2013/05/17 20:43:52 | 000,000,326 | ---- | M] () -- C:\Qdata.ABD
[2013/05/17 19:26:06 | 000,006,016 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130517_192602.reg
[2013/05/17 19:25:30 | 000,065,694 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130517_192522.reg
[2013/05/16 20:26:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/05/16 16:08:20 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/16 16:01:31 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[25 C:\Users\Charles\Desktop\*.tmp files -> C:\Users\Charles\Desktop\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/07 17:27:19 | 000,005,296 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg
[2013/06/07 17:03:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/06/02 12:56:23 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 12:55:31 | 000,002,932 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg
[2013/06/01 19:09:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/01 19:02:10 | 000,256,519 | ---- | C] () -- C:\Users\Charles\Desktop\20130307131643378.pdf
[2013/05/18 18:26:37 | 000,004,572 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130518_182635.reg
[2013/05/18 17:43:25 | 000,096,348 | ---- | C] () -- C:\Users\Charles\Desktop\safe sanctuary scan.RTF
[2013/05/18 17:03:06 | 001,625,088 | ---- | C] ( ) -- C:\Windows\SysNative\lxecserv.dll
[2013/05/18 17:03:06 | 001,328,640 | ---- | C] ( ) -- C:\Windows\SysNative\lxecusb1.dll
[2013/05/18 17:03:04 | 000,556,032 | ---- | C] ( ) -- C:\Windows\SysNative\lxecinpa.dll
[2013/05/18 17:03:04 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysNative\lxeciesc.dll
[2013/05/18 17:03:01 | 001,366,528 | ---- | C] ( ) -- C:\Windows\SysNative\lxeccomc.dll
[2013/05/18 17:03:01 | 001,050,280 | ---- | C] ( ) -- C:\Windows\SysNative\lxeccoms.exe
[2013/05/18 17:03:00 | 000,880,640 | ---- | C] ( ) -- C:\Windows\SysNative\lxeclmpm.dll
[2013/05/17 19:26:04 | 000,006,016 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130517_192602.reg
[2013/05/17 19:25:26 | 000,065,694 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130517_192522.reg
[2013/05/16 16:01:28 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/05/10 02:19:53 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/05/09 23:22:43 | 000,000,258 | RHS- | C] () -- C:\Users\Charles\ntuser.pol
[2013/02/16 11:20:56 | 000,007,619 | ---- | C] () -- C:\Users\Charles\AppData\Local\Resmon.ResmonCfg
[2013/01/10 18:58:30 | 000,031,250 | ---- | C] () -- C:\Windows\HL-5370DW.INI
[2012/12/11 13:27:56 | 004,132,864 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/03/26 11:28:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2012/03/26 11:28:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2012/03/26 11:28:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2012/03/26 11:28:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2012/03/26 11:28:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2012/03/26 11:28:14 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2012/03/26 11:28:14 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2012/03/26 11:28:14 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2012/03/26 11:28:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2012/03/26 11:28:14 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2012/03/26 11:28:14 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2012/03/26 11:28:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2012/03/26 11:28:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2012/03/26 11:28:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2012/03/26 11:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2012/03/26 11:28:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2012/03/26 11:28:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2012/03/26 11:28:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2012/03/26 11:28:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2012/03/26 11:28:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2012/03/26 11:28:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2012/02/05 23:32:42 | 000,000,048 | ---- | C] () -- C:\Windows\fpengine.INI
[2012/01/05 19:43:44 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/30 01:49:00 | 000,000,084 | ---- | C] () -- C:\Users\Charles\Videos.scn
[2011/12/30 01:18:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/12/16 00:07:35 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/12/16 00:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/12/16 00:01:08 | 000,000,576 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/12/14 17:45:26 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI
[2011/10/29 21:56:49 | 000,000,273 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg.scn
[2011/10/29 21:42:58 | 2793,998,336 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg
[2010/12/27 23:26:38 | 005,394,432 | ---- | C] () -- C:\Users\Charles\s-1-5-21-849950591-2780344445-553799950-1001.rrr
[2010/05/29 14:12:29 | 000,000,095 | -H-- | C] () -- C:\Users\Charles\AppData\Local\fusioncache.dat
[2010/01/30 00:06:49 | 000,007,620 | -H-- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2009/12/18 07:38:47 | 000,008,623 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009_navi.JPG
[2009/12/18 07:38:46 | 000,023,086 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009.JPG
[2009/12/18 00:28:36 | 000,034,745 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.JPG
[2009/12/18 00:28:36 | 000,029,867 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.0
[2009/12/12 18:42:40 | 000,008,704 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/08/08 17:53:37 | 000,000,000 | -HSD | M] -- C:\Users\Charles\AppData\Roaming\.#
[2012/10/10 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Complitly
[2010/10/13 22:51:18 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DriverCure
[2010/10/05 08:44:42 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GetRightToGo
[2012/02/02 21:25:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HTC
[2012/02/02 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2013/06/15 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ID Vault
[2009/12/12 15:09:43 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\ImTOO Software Studio
[2011/12/30 10:19:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\IObit
[2009/12/24 03:10:44 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\LG Electronics
[2009/12/12 20:48:23 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\NCH Swift Sound
[2011/12/24 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ooVoo Details
[2010/12/04 19:17:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Opera
[2013/05/16 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ParetoLogic
[2012/07/12 13:49:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Participatory Culture Foundation
[2012/02/04 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PC Cleaners
[2010/12/16 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PCFix
[2012/02/04 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PCPro
[2013/03/31 23:18:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PhotoScape
[2010/10/05 08:44:53 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Pro800-Pro900 Series
[2010/12/27 23:27:59 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Registry Mechanic
[2011/05/14 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Sammsoft
[2010/10/05 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Seattle Avionics
[2011/03/03 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\SMART Technologies
[2010/10/24 07:11:31 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\SMART Technologies Inc
[2013/05/10 02:29:42 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Strongvault
[2013/01/19 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TeamViewer
[2010/01/30 00:06:52 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\Template
[2010/11/18 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Thunderbird
[2011/11/30 11:02:28 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Tific
[2010/10/05 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TomTom
[2011/04/22 08:23:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Trusteer
[2011/02/08 00:30:57 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TS3Client
[2012/09/18 23:21:39 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\TuneUpMedia
[2010/11/03 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Walgreens
[2009/12/01 13:59:42 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\WildTangent
[2009/12/02 22:48:01 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\WinBatch
[2012/04/17 23:44:07 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp1B5B4F1

< End of report >