Allureon.CT, pdfjsc.PE infection



#1
salindor

I realized I must be infected by some virus because I noticed my email account had sent out a ton of spam. At first I was thinking it had to do with a virus running Microsoft Outlook 2010. After a scan, Microsoft Security Essentials detected two pieces of malware: a trojan, Allureon.CT (it was located in a tmp file in the application folder with a generic name, so I have no idea what the original offending page was), and pdfjsc.PE, which was attached to a PDF (I do a lot of research, so I could fully believe that one).

I have read that the Allureon class of viruses are information collectors and modify DNS settings and such. Normally when I get a virus I just wipe and reinstall, because I don't deal with them enough to know all the proper cleaning steps. I was hoping this time I could avoid that, so that is why I made a post. Anyway, here is the OTL report:

OTL logfile created on: 6/15/2011 10:14:47 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.23 Gb Available Physical Memory | 82.69% Memory free
31.99 Gb Paging File | 28.17 Gb Available in Paging File | 88.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 328.23 Gb Free Space | 70.49% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 21:04:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/06/11 16:36:46 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/05/30 17:05:44 | 000,239,776 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/04/14 08:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2011/03/19 00:41:08 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/11/24 22:40:40 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/07/01 07:56:10 | 000,729,088 | ---- | M] (Rhapsody International Inc.) -- C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
PRC - [2010/05/11 15:33:52 | 000,810,880 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\NagaTray.exe
PRC - [2010/03/10 11:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2010/03/10 11:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2010/03/10 11:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/11/10 22:05:34 | 000,569,344 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
PRC - [2009/10/20 11:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009/09/29 13:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2009/07/24 12:16:48 | 003,016,192 | ---- | M] () -- C:\Program Files (x86)\ASUS\T Probe\TProbe.exe
PRC - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/07/15 16:45:42 | 007,238,144 | ---- | M] (ASUSTek) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009/07/01 20:19:18 | 000,601,088 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
PRC - [2009/04/02 00:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2008/10/01 18:28:56 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\gStart.exe
PRC - [2008/01/11 18:02:26 | 000,041,045 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe
PRC - [2007/11/30 20:03:28 | 000,881,152 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
PRC - [2007/10/16 14:48:50 | 000,319,488 | ---- | M] (ASUS) -- C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 21:04:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011/06/11 16:36:46 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/17 19:18:44 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 11:17:10 | 000,358,448 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2010/03/10 11:17:04 | 000,053,808 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2010/03/10 11:17:02 | 000,043,056 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/10/20 11:00:22 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/09/29 13:56:52 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 00:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2008/01/11 17:06:22 | 000,937,984 | ---- | M] (TP-LINK TECHNOLOGIES CO., LTD.) [On_Demand | Stopped] -- C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/21 15:59:16 | 000,073,216 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/18 01:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 23:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2008/05/19 19:44:00 | 001,137,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2007/09/06 16:53:12 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1)
DRV:64bit: - [2007/08/31 17:43:38 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 FA C6 6A 78 28 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\TP-LINK\TP-LINK Wireless N Client Utility\jswtrayutil.exe (TP-LINK TECHNOLOGIES CO., LTD.)
O4 - HKLM..\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\niupdate.exe (National Instruments)
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [T Probe] C:\Program Files (x86)\ASUS\T Probe\TProbe.exe ()
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTek)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [gStart] C:\Program Files (x86)\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Radio365Agent] File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Tim\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: garmin.com ([buy] https in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([connect] https in Trusted sites)
O15 - HKCU\..Trusted Domains: garmin.com ([my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames...ctivex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 21:42:17 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2011/06/15 21:42:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/15 21:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/15 21:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/15 21:42:05 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/15 21:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/15 21:09:07 | 004,128,845 | ---- | C] (Swearware) -- C:\Users\Tim\Desktop\Combo-Fix.exe
[2011/06/15 21:04:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/06/11 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/11 16:48:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/06/11 16:47:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/06/11 16:47:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/07 00:00:32 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/06/07 00:00:16 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/06/04 17:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin GPS Plugin
[2011/05/31 05:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/05/31 05:15:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 21:42:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 21:25:15 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 21:25:15 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 21:09:07 | 004,128,845 | ---- | M] (Swearware) -- C:\Users\Tim\Desktop\Combo-Fix.exe
[2011/06/15 21:04:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/06/15 20:59:46 | 000,870,128 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\mcs.rma
[2011/06/15 20:59:46 | 000,000,004 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\A1F6E5
[2011/06/15 20:59:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/13 22:58:20 | 000,010,863 | ---- | M] () -- C:\Users\Tim\Desktop\Polynomial.fxpl
[2011/06/13 08:11:55 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/06/13 08:01:05 | 4293,435,390 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 19:28:40 | 000,875,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/11 19:28:40 | 000,728,258 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/11 19:28:40 | 000,147,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/11 19:20:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/11 19:15:23 | 000,445,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/31 05:19:07 | 000,001,131 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/24 07:59:17 | 902,659,517 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\Tim\Documents\*.tmp files -> C:\Users\Tim\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 21:42:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/13 22:58:20 | 000,010,863 | ---- | C] () -- C:\Users\Tim\Desktop\Polynomial.fxpl
[2011/06/07 00:01:16 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/06/06 23:59:55 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/06/06 23:59:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/06/06 23:59:43 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/06/06 23:59:37 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/05/31 05:19:07 | 000,001,131 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/05/05 23:31:44 | 000,870,128 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\mcs.rma
[2011/05/05 23:30:01 | 000,000,004 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\A1F6E5
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/09 16:55:25 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/05 09:14:21 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2010/10/05 09:14:20 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\lffax60n.dll
[2010/10/05 09:14:20 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\lfcmp60n.dll
[2010/10/05 09:14:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\lfpng60n.dll
[2010/10/05 09:14:20 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\lftif60n.dll
[2010/10/05 09:14:20 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\ltfil60n.dll
[2010/10/05 09:14:20 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\lfpcx60n.dll
[2010/10/05 09:14:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfpct60n.dll
[2010/10/05 09:14:20 | 000,022,528 | ---- | C] () -- C:\Windows\SysWow64\lfeps60n.dll
[2010/10/05 09:14:20 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\lfbmp60n.dll
[2010/10/05 09:14:20 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\lfpsd60n.dll
[2010/10/05 09:14:20 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\lftga60n.dll
[2010/10/05 09:14:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwpg60n.dll
[2010/10/05 09:14:20 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\lfwmf60n.dll
[2010/10/05 09:14:20 | 000,018,432 | ---- | C] () -- C:\Windows\SysWow64\lfmsp60n.dll
[2010/10/05 09:14:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\lfmac60n.dll
[2010/10/05 09:14:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
[2010/06/26 19:13:25 | 000,000,004 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\80697A
[2010/06/24 21:20:36 | 000,000,593 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/05/14 17:08:01 | 000,889,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/19 06:25:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/03/19 06:16:48 | 000,028,512 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/03/19 06:11:23 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/03/19 06:11:23 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/03/19 06:11:20 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/03/19 06:11:20 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/03/19 06:08:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/19 06:08:01 | 000,021,843 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/03/19 06:05:30 | 000,007,597 | ---- | C] () -- C:\Users\Tim\AppData\Local\Resmon.ResmonCfg
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/05 22:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2010/06/11 15:45:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Amazon
[2011/04/29 15:06:17 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/25 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\GARMIN
[2010/05/11 17:20:06 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LolClient
[2010/03/19 06:27:42 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/11/21 21:08:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mathsoft
[2011/06/14 23:26:25 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mumble
[2010/11/14 02:41:44 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\National Instruments
[2010/05/16 10:00:14 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\OpenOffice.org
[2010/12/18 16:32:23 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PDF Writer
[2010/11/21 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\PTC
[2010/03/28 07:44:18 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\runic games
[2010/06/24 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SanDisk
[2010/04/16 19:07:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Saring
[2010/04/02 01:09:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SPORE
[2011/05/13 16:49:58 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Subversion
[2009/07/14 01:08:49 | 000,025,380 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Thank you in advance for any help you can provide.

Salindor

Edited by salindor, 16 June 2011 - 05:59 AM.
