Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspect Computer infected with SetupPlaySushi.exe

Started by carlamarie , Jul 13 2011 03:51 PM

  • Please log in to reply

#1
carlamarie
Posted 13 July 2011 - 03:51 PM

carlamarie

    Member

  • Member
  • PipPip
  • 20 posts
I clicked on a button to play a game and it downloaded SetupPlaySushi.exe. I have a feeling it is malware. Avast says it is not infected, but I googled it and there are many sites saying it is malware. How do I remove it? I did NOT open the file, and I deleted it. It said it went to the trash folder. What should I do? I posted this before a while ago and no one responded, so I am posting again. Now the computer is really messed up, and I am having mulitple problems with my computer. It has been slower, crashing constantly, freezing, also, I keep getting a message saying Skype toolbar has crashed.

Thank you!

Carla



OTL logfile created on: 7/13/2011 2:38:50 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Carla\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 61.56% Memory free
7.87 Gb Paging File | 6.35 Gb Available in Paging File | 80.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 84.86 Gb Free Space | 36.45% Space Free | Partition Type: NTFS
Drive E: | 7.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CAMERONDAXMIRA | User Name: Carla | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 14:37:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Carla\Downloads\OTL (1).exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/12/23 17:33:46 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
PRC - [2009/12/17 06:00:08 | 000,601,088 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 14:37:38 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Carla\Downloads\OTL (1).exe
MOD - [2011/07/04 04:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/25 22:06:30 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 06:00:08 | 000,601,088 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/27 11:32:28 | 000,632,704 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw10bda.sys -- (hcw10bda)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/10 09:29:16 | 000,046,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hcw10cir.sys -- (hcw10cir)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 01:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/11/12 10:04:24 | 000,581,632 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 01 00 CE 0F EA CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carla\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carla\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/03/05 21:43:39 | 000,001,706 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 11:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/07/09 10:50:49 | 003,261,952 | ---- | C] (AVAST Software) -- C:\Program Files\Alwil
[2011/06/27 23:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/06/27 23:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/27 19:46:59 | 000,000,000 | ---D | C] -- C:\Users\Carla\Documents\Clayton Regency
[2011/06/23 00:14:45 | 000,000,000 | ---D | C] -- C:\f354149a904b60e8ba8cb63e
[2011/06/15 10:02:37 | 000,000,000 | ---D | C] -- C:\Users\Carla\Documents\WolfQuest2
[2011/06/15 10:02:37 | 000,000,000 | ---D | C] -- C:\Users\Carla\Documents\WolfQuest
[2011/06/15 09:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WolfQuest
[2011/06/15 09:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WolfQuest
[2 C:\Users\Carla\Documents\*.tmp files -> C:\Users\Carla\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/13 14:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/13 14:32:32 | 3168,219,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 14:26:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/13 14:22:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346860216-1327885937-482592253-1003UA.job
[2011/07/13 14:11:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346860216-1327885937-482592253-1000UA.job
[2011/07/13 12:08:38 | 000,324,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/13 11:58:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346860216-1327885937-482592253-1000Core.job
[2011/07/12 20:30:19 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346860216-1327885937-482592253-1003Core.job
[2011/07/12 11:51:47 | 000,158,851 | ---- | M] () -- C:\Users\Carla\Documents\walmartcom order.xps
[2011/07/10 12:20:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/10 12:20:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/07 11:57:31 | 000,070,247 | ---- | M] () -- C:\Users\Carla\Documents\farmers claim.xps
[2011/07/04 04:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 04:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 04:43:42 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/07/01 12:15:14 | 000,017,617 | ---- | M] () -- C:\Users\Carla\Documents\union pacific lego train.jpg
[2011/07/01 12:13:17 | 000,007,470 | ---- | M] () -- C:\Users\Carla\Documents\union pacific train front view.jpg
[2011/07/01 12:13:01 | 000,007,648 | ---- | M] () -- C:\Users\Carla\Documents\union pacific train side view.jpg
[2011/06/27 23:41:24 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/06/27 22:33:47 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/27 22:33:47 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/27 22:33:47 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/24 19:40:48 | 000,037,870 | ---- | M] () -- C:\Users\Carla\Desktop\AMTRAK SERIES, GENESIS LOCOMOTIVE.jpg
[2011/06/23 23:46:49 | 000,002,508 | ---- | M] () -- C:\Users\Carla\Desktop\Maximlionel emWoodenem Ny Central Passenger Carthomas Cmp.jpg
[2011/06/20 13:23:30 | 000,007,451 | ---- | M] () -- C:\Users\Carla\Desktop\Click to enlarge.gif
[2011/06/20 12:34:39 | 000,005,705 | ---- | M] () -- C:\Users\Carla\Desktop\imgres
[2011/06/19 12:21:44 | 003,261,952 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil
[2011/06/18 14:51:50 | 000,013,006 | ---- | M] () -- C:\Users\Carla\Desktop\41HuOxzg7aL._SL500_AA300_.jpg
[2011/06/18 14:50:41 | 000,150,086 | ---- | M] () -- C:\Users\Carla\Desktop\716IEVE097L._AA1500_.jpg
[2011/06/15 09:58:51 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest 2 Manual.lnk
[2011/06/15 09:58:51 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2011/06/15 09:58:50 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest Website.lnk
[2011/06/15 09:58:48 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest 2 Release Notes.lnk
[2011/06/15 09:58:48 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest 2 Help.lnk
[2 C:\Users\Carla\Documents\*.tmp files -> C:\Users\Carla\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/12 11:51:46 | 000,158,851 | ---- | C] () -- C:\Users\Carla\Documents\walmartcom order.xps
[2011/07/07 11:57:30 | 000,070,247 | ---- | C] () -- C:\Users\Carla\Documents\farmers claim.xps
[2011/07/01 12:15:25 | 000,017,617 | ---- | C] () -- C:\Users\Carla\Documents\union pacific lego train.jpg
[2011/07/01 12:13:24 | 000,007,470 | ---- | C] () -- C:\Users\Carla\Documents\union pacific train front view.jpg
[2011/07/01 12:13:13 | 000,007,648 | ---- | C] () -- C:\Users\Carla\Documents\union pacific train side view.jpg
[2011/06/27 23:41:24 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/06/24 19:40:48 | 000,037,870 | ---- | C] () -- C:\Users\Carla\Desktop\AMTRAK SERIES, GENESIS LOCOMOTIVE.jpg
[2011/06/23 23:46:49 | 000,002,508 | ---- | C] () -- C:\Users\Carla\Desktop\Maximlionel emWoodenem Ny Central Passenger Carthomas Cmp.jpg
[2011/06/20 13:23:30 | 000,007,451 | ---- | C] () -- C:\Users\Carla\Desktop\Click to enlarge.gif
[2011/06/20 12:34:39 | 000,005,705 | ---- | C] () -- C:\Users\Carla\Desktop\imgres
[2011/06/18 14:51:50 | 000,013,006 | ---- | C] () -- C:\Users\Carla\Desktop\41HuOxzg7aL._SL500_AA300_.jpg
[2011/06/18 14:50:41 | 000,150,086 | ---- | C] () -- C:\Users\Carla\Desktop\716IEVE097L._AA1500_.jpg
[2011/06/15 09:58:51 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest 2 Manual.lnk
[2011/06/15 09:58:51 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2011/06/15 09:58:48 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest 2 Release Notes.lnk
[2011/06/15 09:58:48 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest Website.lnk
[2011/06/15 09:58:48 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest 2 Help.lnk
[2011/04/22 12:39:47 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/03 13:27:49 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/11 02:04:23 | 000,033,907 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/03/11 02:03:29 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/11 02:02:49 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011/03/11 02:02:10 | 000,003,879 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/03/05 22:59:27 | 000,000,088 | ---- | C] () -- C:\Windows\galaxy.ini
[2011/02/24 11:56:49 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/03/08 12:14:51 | 000,000,000 | ---D | M] -- C:\Users\Carla\AppData\Roaming\KeePass
[2011/03/25 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Carla\AppData\Roaming\Notepad++
[2011/02/22 11:36:00 | 000,000,000 | ---D | M] -- C:\Users\Carla\AppData\Roaming\OpenOffice.org
[2011/02/25 15:21:12 | 000,000,000 | ---D | M] -- C:\Users\Carla\AppData\Roaming\Stardock
[2011/05/10 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\Carla\AppData\Roaming\Subversion
[2011/06/23 11:08:07 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP