
Unknown Spyware



#1
Threan
New Member, 2 posts
Lately this computer has been very slow. I don't know how this spyware has been acquired; there have been no error codes or anything that would normally indicate there's a virus in the works. All that is noticeable is that the computer is very very slow compared to how it was previously, and it also hijacks a WoW account at regular intervals. This "account theft" happens even if the password is copy-pasted or something similar.

Have scanned twice with Avast; it has found nothing.

OTL log:

OTL logfile created on: 2011-01-26 17:12:18 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Marias\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 329,00 Mb Available Physical Memory | 32,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 363,01 Gb Total Space | 282,06 Gb Free Space | 77,70% Space Free | Partition Type: NTFS
Drive F: | 335,53 Gb Total Space | 19,80 Gb Free Space | 5,90% Space Free | Partition Type: NTFS

Computer Name: MAMAS-DATOR | User Name: Marias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-01-26 17:10:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marias\Downloads\OTL.exe
PRC - [2011-01-18 20:02:24 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
PRC - [2011-01-18 20:02:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\firefox.exe
PRC - [2011-01-13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program\Alwil Software\Avast5\AvastUI.exe
PRC - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010-09-24 18:30:25 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010-09-24 18:30:14 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009-06-17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe


========== Modules (SafeList) ==========

MOD - [2011-01-26 17:10:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Marias\Downloads\OTL.exe
MOD - [2011-01-22 21:37:10 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program\Alwil Software\Avast5\snxhk.dll
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-01-13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010-08-26 02:57:14 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010-09-24 18:30:25 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010-09-24 18:30:14 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-01-13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010-09-25 18:55:50 | 000,413,184 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2010-08-26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-08-26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-08-26 02:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-07-15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2009-12-17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009-08-09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009-07-14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009-07-14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009-06-10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005-03-29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 CA 8C EE 95 64 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2011-01-18 20:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins

[2010-10-22 17:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marias\AppData\Roaming\mozilla\Extensions
File not found (No name found) --
[2011-01-16 15:48:54 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [Sidebar] File not found
O4 - Startup: C:\Users\Marias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{be5a5c78-c8cd-11df-9479-001bfce41cab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5a5c78-c8cd-11df-9479-001bfce41cab}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{f8ab2f2a-dcf3-11df-bc86-001bfce41cab}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ab2f2a-dcf3-11df-bc86-001bfce41cab}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-01-22 21:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011-01-22 21:34:14 | 000,020,560 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-01-22 21:34:13 | 000,273,488 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-01-22 21:34:11 | 000,051,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-01-22 21:34:11 | 000,029,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-01-22 21:34:07 | 000,237,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-01-22 21:34:07 | 000,062,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-01-22 21:32:43 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-01-22 21:32:43 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-01-22 21:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011-01-22 21:32:42 | 000,000,000 | ---D | C] -- C:\Program\Alwil Software
[2011-01-22 21:23:27 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011-01-22 21:22:39 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Local\Apps
[2011-01-22 21:22:37 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Local\Deployment
[2011-01-17 23:52:20 | 000,000,000 | ---D | C] -- C:\494a0e99c0f5d70d31ad
[2011-01-16 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Roaming\skypePM
[2011-01-16 15:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-01-16 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Local\Google
[2011-01-16 15:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011-01-16 15:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-01-16 15:48:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011-01-16 15:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011-01-16 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Marias\AppData\Roaming\Skype
[2011-01-16 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2011-01-26 17:00:32 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-01-26 17:00:32 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-01-26 16:59:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-26 16:55:33 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-26 16:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-01-26 16:55:14 | 804,806,656 | -HS- | M] () -- C:\hiberfil.sys
[2011-01-24 12:44:32 | 001,474,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-01-24 12:44:32 | 000,628,354 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2011-01-24 12:44:32 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-01-24 12:44:32 | 000,124,808 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2011-01-24 12:44:32 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-01-22 21:34:17 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011-01-22 21:34:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011-01-22 21:24:03 | 000,000,000 | ---- | M] () -- C:\Users\Marias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011-01-22 21:23:27 | 000,000,312 | ---- | M] () -- C:\Users\Marias\Desktop\Curse Client.appref-ms
[2011-01-21 19:33:49 | 000,000,758 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011-01-16 15:51:21 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-01-16 15:49:46 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-01-16 15:48:29 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-01-15 16:51:00 | 001,467,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-01-13 09:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-01-13 09:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011-01-13 09:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011-01-13 09:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011-01-13 09:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011-01-13 09:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011-01-13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011-01-13 09:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011-01-07 12:10:59 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011-01-22 21:34:17 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011-01-22 21:34:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011-01-22 21:24:03 | 000,000,000 | ---- | C] () -- C:\Users\Marias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011-01-22 21:23:27 | 000,000,312 | ---- | C] () -- C:\Users\Marias\Desktop\Curse Client.appref-ms
[2011-01-16 15:51:21 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011-01-16 15:49:46 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-01-16 15:49:09 | 000,000,950 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-01-16 15:49:07 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-01-16 15:48:29 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011-01-15 16:51:00 | 001,467,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-01-07 12:10:59 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010-10-22 17:50:34 | 000,000,758 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010-10-21 20:39:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010-10-09 20:45:30 | 000,000,031 | ---- | C] () -- C:\Program\plugins-04041e-1f8.dat
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008-10-07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008-10-07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008-10-07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2010-12-25 21:52:57 | 000,000,000 | ---D | M] -- C:\Users\Marias\AppData\Roaming\LolClient
[2011-01-26 16:24:46 | 000,000,000 | ---D | M] -- C:\Users\Marias\AppData\Roaming\Spotify
[2010-10-09 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\Marias\AppData\Roaming\Switchball
[2010-12-23 16:02:08 | 000,000,000 | ---D | M] -- C:\Users\Marias\AppData\Roaming\TS3Client
[2010-11-25 17:11:10 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Threan, 26 January 2011 - 04:44 PM.



#2
Threan (Topic Starter)
New Member, 2 posts
The affected computer is connected to a network, but none of the other computers on this network are showing signs of being afflicted. I would prefer if I could find the source of the problem, as there are important files on the system and I fear backing them up, as that might save the virus as well. Especially since the AV isn't finding anything.