alureon trojan


#1 SuperJess (Member, 42 posts)

Hello,

I've gotten some sort of virus. I haven't noticed any odd signs but when I tried to delete a folder I got a message from Windows Defender which said I had a virus, something like alureon.

Here is my OTL log:

OTL logfile created on: 7/2/2011 10:37:39 AM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Jess\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 50.40% Memory free
11.73 Gb Paging File | 8.66 Gb Available in Paging File | 73.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 688.72 Gb Total Space | 538.24 Gb Free Space | 78.15% Space Free | Partition Type: NTFS
Drive D: | 108.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 2.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESS-PC | User Name: Jess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 10:37:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
PRC - [2011/06/25 19:42:28 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 11:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/20 05:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/07/21 12:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/01/27 18:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/10/15 05:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 05:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/12 23:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/24 18:57:00 | 000,368,640 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe
PRC - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 10:37:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
MOD - [2011/02/23 11:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/23 11:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/18 22:33:51 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/28 14:25:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 10:55:05 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 01:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Best Buy pc app] File not found
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files (x86)\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/19 10:43:21 | 000,000,028 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/03/02 19:00:00 | 000,000,048 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0f463470-f395-11df-aef2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0f463470-f395-11df-aef2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\PCOpenCD.exe -- [2011/02/19 10:43:32 | 000,033,799 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/02 10:37:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/07/01 20:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\T1 Games
[2011/07/01 20:49:47 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Worlds Greatest Places Mahjong
[2011/07/01 20:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Worlds Greatest Places Mahjong
[2011/07/01 20:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Worlds Greatest Places Mahjong
[2011/07/01 20:04:52 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nightmare Realm Collector's Edition
[2011/07/01 20:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightmare Realm Collector's Edition
[2011/07/01 20:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nightmare Realm Collector's Edition
[2011/06/30 21:38:01 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Awem
[2011/06/30 21:35:50 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Golden Trails 2 - The Lost Legacy Collector's Edition
[2011/06/30 21:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Golden Trails 2 - The Lost Legacy Collector's Edition
[2011/06/30 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Golden Trails 2 - The Lost Legacy Collector's Edition
[2011/06/30 21:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Dereza
[2011/06/30 19:44:13 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\MoMB_Full_Eng
[2011/06/30 08:10:52 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery of the Missing Brigantine
[2011/06/30 08:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystery of the Missing Brigantine
[2011/06/30 08:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mystery of the Missing Brigantine
[2011/06/29 07:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/06/29 07:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/06/29 03:08:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/28 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\HeroCraft
[2011/06/25 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gourmania 3 - Zoo Zoom
[2011/06/25 20:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gourmania 3 - Zoo Zoom
[2011/06/25 20:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gourmania 3 - Zoo Zoom
[2011/06/25 19:48:42 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/25 19:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/06/25 18:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TheFallTrilogyEp3-BF
[2011/06/22 21:54:31 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youda Farmer 3 - Seasons
[2011/06/22 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Farmer 3 - Seasons
[2011/06/22 21:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Youda Farmer 3 - Seasons
[2011/06/20 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Islands2
[2011/06/20 19:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Island Tribe 2
[2011/06/19 11:23:05 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Westward IV - All Aboard
[2011/06/19 11:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Westward IV - All Aboard
[2011/06/19 11:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/19 11:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/18 22:57:08 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Anarchy
[2011/06/14 18:50:31 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\WendigoStudios
[2011/06/14 18:50:15 | 000,000,000 | ---D | C] -- C:\Games
[2011/06/14 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\JCP
[2011/06/14 17:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/06/10 21:47:36 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Local\Astar Games
[2011/06/09 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Sigma Team
[2011/06/09 07:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/06/08 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Jess\Documents\Electronic Arts
[2011/06/08 21:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3 Ultimate Bundle
[2011/06/08 17:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims 3 Ultimate Bundle
[2011/06/07 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Alawar
[2011/06/07 18:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar
[2011/06/04 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PlayfulAge
[2011/06/04 21:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayfulAge
[2011/06/04 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\Funswitch
[2011/06/03 22:46:28 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\TheKingOfFire
[2011/06/03 21:20:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011/06/03 07:56:12 | 000,000,000 | ---D | C] -- C:\Users\Jess\AppData\Roaming\NevoSoft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/02 10:37:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jess\Desktop\OTL.exe
[2011/07/01 20:49:55 | 000,002,111 | ---- | M] () -- C:\Users\Public\Desktop\Play Worlds Greatest Places Mahjong.lnk
[2011/07/01 20:49:55 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/07/01 20:05:29 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\Play Nightmare Realm Collector's Edition.lnk
[2011/07/01 11:00:02 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/06/30 21:36:18 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Play Golden Trails 2 - The Lost Legacy Collector's Edition.lnk
[2011/06/30 08:11:08 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Play Mystery of the Missing Brigantine.lnk
[2011/06/29 07:15:21 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/29 03:35:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 03:35:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 03:33:00 | 000,727,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/29 03:33:00 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/29 03:33:00 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 03:27:51 | 000,291,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/29 03:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 03:27:37 | 429,219,839 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 20:21:44 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Play Gourmania 3 - Zoo Zoom.lnk
[2011/06/25 19:41:11 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/24 21:05:00 | 000,002,266 | ---- | M] () -- C:\Users\Jess\Desktop\Youda Farmer 3 - Seasons .lnk
[2011/06/22 21:54:39 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Play Youda Farmer 3 - Seasons.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/01 20:49:55 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Play Worlds Greatest Places Mahjong.lnk
[2011/07/01 20:05:29 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\Play Nightmare Realm Collector's Edition.lnk
[2011/07/01 20:05:29 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2011/06/30 21:36:18 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\Play Golden Trails 2 - The Lost Legacy Collector's Edition.lnk
[2011/06/30 08:11:08 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Play Mystery of the Missing Brigantine.lnk
[2011/06/29 07:15:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/29 07:15:02 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/25 20:21:44 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Play Gourmania 3 - Zoo Zoom.lnk
[2011/06/24 21:05:00 | 000,002,266 | ---- | C] () -- C:\Users\Jess\Desktop\Youda Farmer 3 - Seasons .lnk
[2011/06/22 21:54:39 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Play Youda Farmer 3 - Seasons.lnk
[2010/12/22 21:23:56 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/19 00:05:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/19 00:05:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/19 00:05:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/07 18:45:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Alawar
[2011/04/15 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\aliasworlds
[2011/06/18 22:57:08 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Anarchy
[2011/06/30 21:38:01 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Awem
[2011/05/27 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Az-Art
[2011/01/29 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Boomzap
[2011/05/17 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Braintonik Games
[2011/05/15 21:06:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Colibri Games
[2011/03/31 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\CoreFTP
[2011/05/30 08:26:43 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Crown
[2011/02/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DAEMON Tools Lite
[2011/06/01 08:52:35 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DragonsEye Studios
[2011/04/14 21:54:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\DreamWoods2ScreenShot
[2011/05/29 12:34:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Elephant Games
[2011/05/10 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\EmilyArcher
[2011/04/14 21:50:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\FairyTale
[2011/06/25 20:38:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Friday's games
[2011/06/04 14:56:28 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Funswitch
[2011/05/21 11:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Gogii
[2011/06/28 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\HeroCraft
[2011/07/01 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Islands2
[2011/06/14 17:06:41 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\JCP
[2011/05/28 11:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Lazy Turtle Games
[2010/12/22 21:17:58 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Leadertech
[2011/04/07 21:37:33 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MagicIndie
[2011/06/30 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\MoMB_Full_Eng
[2011/05/02 20:32:45 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\My Games
[2011/01/05 19:06:44 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Mystery of Mortlake Mansion
[2011/06/03 07:56:12 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\NevoSoft
[2011/03/30 22:31:34 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\OpenOffice.org
[2011/04/18 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Orneon
[2010/12/24 15:33:59 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\PCDr
[2011/01/13 21:02:50 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Phantasmat_bf_ce1
[2011/05/11 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\playmink
[2011/05/21 12:23:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\Princess Isabella
[2011/05/10 23:20:54 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\RIFT
[2011/04/15 05:19:04 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\SoftGrid Client
[2011/05/20 21:05:24 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\thejoyoffarming
[2011/06/04 08:29:14 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TheKingOfFire
[2011/01/29 20:22:25 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TP
[2011/05/21 09:55:05 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\TrickySoftware
[2011/06/25 22:46:04 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\uTorrent
[2011/06/15 21:38:11 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\WendigoStudios
[2011/06/24 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\Jess\AppData\Roaming\YoudaGames
[2011/06/25 19:41:11 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,008,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/01 11:00:02 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:45912F61
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:ECF3C50F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:63210866
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F53B274A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:68A41423
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:F6A0889A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:35629AE6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BFE54417
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:40752783
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:0968E571
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5C4A588B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4F28299B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:F5FC5DCE
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A42FABF7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4EC7F009
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3C0887BF
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:44E16D4A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:19636FDD
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:BEACE4C8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:06C34166
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EF55396
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B9555D8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E894A3ED
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DCA79AB3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:69FE2EE4
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:14362DF8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:86E0BFC8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:16B49C20
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:02F30776
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:954C27C6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3D36932D

< End of report >
  • 0
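The "Alternate Data Streams" section of the OTL log above lists each stream as size, host path and stream name. As an added example (not part of the thread, and not OTL's own code), here is a small parser for that section that groups streams by host file and flags any stream above a size threshold, which is the kind of triage a helper reviewing such a log does by eye. The sample input reuses three lines from the log and adds one constructed stream on a made-up host path to show the grouping.

```python
import re
from collections import defaultdict

# Matches OTL's "@Alternate Data Stream - <n> bytes -> <host>:<stream>" lines.
# The host path contains a drive-letter colon, so the stream name is taken
# as the text after the last colon (stream names cannot contain backslashes).
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

def parse_ads_section(log_text):
    """Return [(host_path, stream_name, size_bytes)] from an OTL log.

    Only lines between the 'Alternate Data Streams' header and the next
    '==========' header are considered; other log sections are ignored."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("=========="):
            in_section = "Alternate Data Streams" in line
            continue
        if not in_section:
            continue
        m = ADS_LINE.match(line)
        if m:
            entries.append((m.group(2), m.group(3), int(m.group(1))))
    return entries

def summarize_by_host(entries):
    """Group streams by host path: count, total bytes and largest stream."""
    summary = defaultdict(lambda: {"count": 0, "total_bytes": 0, "largest": 0})
    for host, _name, size in entries:
        s = summary[host]
        s["count"] += 1
        s["total_bytes"] += size
        s["largest"] = max(s["largest"], size)
    return dict(summary)

def streams_over(entries, threshold):
    """Streams larger than threshold bytes, i.e. big enough to hold more than a short record."""
    return [(h, n, s) for h, n, s in entries if s > threshold]

# Constructed sample: three lines taken from the log above plus one made-up
# stream on a made-up host path to show grouping and the size check.
SAMPLE_LOG = """\
========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\\ProgramData\\TEMP:45912F61
@Alternate Data Stream - 174 bytes -> C:\\ProgramData\\TEMP:ECF3C50F
@Alternate Data Stream - 100 bytes -> C:\\ProgramData\\TEMP:3D36932D
@Alternate Data Stream - 40960 bytes -> C:\\Users\\Example\\notes.txt:hidden.bin

< End of report >
"""

if __name__ == "__main__":
    found = parse_ads_section(SAMPLE_LOG)
    for host, stats in summarize_by_host(found).items():
        print(f"{host}: {stats['count']} stream(s), {stats['total_bytes']} bytes total")
    for host, name, size in streams_over(found, 1024):
        print(f"large stream: {host}:{name} ({size} bytes)")
```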


#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello Superjess and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello SuperJess,

Can you please do the following:


Step 1:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2:

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Can you give me any details of the folder that you were trying to delete? e.g. was it one that you created or from a particular program

Homburg
  • 0

#4
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thanks in advance for the help.

Malwarebytes did not find any infections. Here is the log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7030

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

7/5/2011 8:20:24 PM
mbam-log-2011-07-05 (20-20-24).txt

Scan type: Quick scan
Objects scanned: 165485
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Will post the Kaspersky log once it finishes.
  • 0

#5
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Kaspersky finished running, and did not find anything either. Here is the report:

Autoscan: completed 15161 days ago (events: 2, objects: 561410, time: 03:34:04)
7/5/2011 8:25:16 PM Task started
7/5/2011 11:59:20 PM Task completed

Attached Files


  • 0

#6
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi SuperJess,

I can't see any signs of infection in your logs so far.

What was the folder that you were trying to delete? Did you manage to delete it in safe mode or by another method? Can you create another folder somewhere and try to delete that one?

Please do the following:

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. Instructions on disabling these types of programs can be found here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Homburg
  • 0

#7
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Sorry, the folder was something I had downloaded (I think that's where the virus came from). I was able to send it to the recycle bin and then empty it in normal mode. I just got an error message when trying to delete it.

Will download Combofix and paste the log once it finishes.
  • 0

#8
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I ran Combofix and was able to see the log, but when I went to open IE, I got an error message that said something like that registry key was marked for deletion and it would not open. I had just updated IE to version 9. I had to reboot to get IE to work again, so lost the log. I'm wary about running combofix again because I'm afraid the same thing may happen.
  • 0

#9
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

As you've not had any further problems and there doesn't appear to be any malware on your PC, we'll remove the tools and I'll give you some tips to prevent further infections :)

Please do the following:


Step 1:

Follow these steps to uninstall Combofix
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall; it needs to be there.
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


Step 2:

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.


Step 3:

Delete AVP set up file and any remaining logs from your desktop.



I have a few recommendations to try and prevent further infections.

1. Protection. Now that you are clean, to help protect your computer in the future I recommend that you download the following free programs:

SpywareBlaster to help prevent spyware from installing in the first place. It also consumes no system resources.
SpywareGuard to catch and block spyware before it can execute. It offers real time protection.
MalwareBytes to remove any malware that might slip the net and get through. I recommend that you run this at least once a week.

2. Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.

3. JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.

4. Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

5. Firewall and antivirus.
A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online Armor is a more advanced firewall which includes a Host Intrusion Protection System (HIPS).
Comodo is a combined firewall and antivirus.

It is essential that you have an antivirus program installed on your computer. An Anti-Virus program protects your computer from many common viruses and trojans which can be deadly for your system. The following antivirus programs are free for personal use. Do not install more than one antivirus.

AVG
Avira Free
Avast


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :unsure:

Homburg.
  • 0

#10
SuperJess

SuperJess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thank you so much for your time!
  • 0

#11
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
You're welcome, thanks for sticking with it through to the end :)
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
