Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virtumonde and overall poor performance


Unread postby isis » August 30th, 2011, 10:29 am

Before I submit my log: I have Windows 7 Enterprise installed on my computer, but it is still a personal computer used at home. I do use it for coding/designing websites, but it is in no shape or form an actual business. When I first got this computer it ran pretty well for such low memory, but I made the mistake of browsing the internet in an open browser without any protection programs on to block malicious software, and here I am :)

One day when I did a Spybot S&D scan, "Virtumonde" came up, and I cannot remove it. But now I have BOH trackers on my computer and plenty of other fun malicious stuff. (I've tried uninstalling avast, but it comes up in most all logs.)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by isis at 10:21:19 on 2011-08-30
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1216.589 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\slserv.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\isis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\isis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\isis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\isis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\isis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.0.1
TCP: Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3} : DhcpNameServer = 192.168.1.254 192.168.0.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\isis\appdata\roaming\mozilla\firefox\profiles\q9905z3n.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&install_date=20110818
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form ... 0110818&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\isis\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-17 16184]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-11 328536]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-8-15 1526080]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22712]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-2-10 10064]
R4 KProcessHacker2;KProcessHacker2;c:\program files\process hacker 2\kprocesshacker.sys [2011-8-29 33352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-8-17 820568]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 366640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-8 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-4 41272]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-13 15872]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-8-17 30600]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-13 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-8-17 19280]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-11 1343400]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-8-17 18768]
.
=============== Created Last 30 ================
.
2011-08-30 13:50:51 -------- d-----w- c:\users\isis\appdata\roaming\Process Hacker 2
2011-08-30 03:30:26 -------- d-----w- c:\program files\Process Hacker 2
2011-08-30 02:58:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-30 02:58:09 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-30 02:58:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-08-30 02:57:35 -------- d-----w- c:\users\isis\appdata\roaming\TuneUp Software
2011-08-30 02:57:23 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-08-30 02:56:46 -------- d-----w- c:\programdata\TuneUp Software
2011-08-30 02:56:29 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-08-30 02:54:57 -------- d-----w- c:\program files\DealPly
2011-08-30 02:40:25 -------- d-----w- c:\users\isis\appdata\roaming\WinPatrol
2011-08-30 02:40:17 -------- d-----w- c:\programdata\InstallMate
2011-08-30 02:40:17 -------- d-----w- c:\program files\BillP Studios
2011-08-30 02:14:15 -------- d-----w- c:\program files\Trend Micro
2011-08-23 18:41:53 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-22 20:12:19 -------- d-----w- c:\windows\system32\SPReview
2011-08-22 20:11:19 -------- d-----w- c:\windows\system32\EventProviders
2011-08-18 16:20:22 -------- d-----w- c:\program files\StartNow Toolbar
2011-08-17 17:42:06 29008 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-08-17 17:42:06 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-08-17 17:40:41 -------- d-----w- c:\program files\Application Updater
2011-08-17 17:40:40 -------- d-----w- c:\program files\IObit Toolbar
2011-08-17 17:40:40 -------- d-----w- c:\program files\common files\Spigot
2011-08-14 15:12:41 -------- d-----w- c:\users\isis\appdata\roaming\OpenOffice.org
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\ParetoLogic
2011-08-12 13:16:09 -------- d-----w- c:\users\isis\appdata\roaming\DriverCure
2011-08-12 13:15:29 -------- d-----w- c:\programdata\ParetoLogic
2011-08-12 13:15:29 -------- d-----w- c:\program files\ParetoLogic
2011-08-12 13:13:32 -------- d-----w- c:\program files\OpenOffice.org 3
2011-08-12 13:13:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-12 00:39:42 -------- d-----w- c:\users\isis\appdata\local\SoftGrid Client
2011-08-12 00:39:05 -------- d-----w- c:\users\isis\appdata\roaming\SoftGrid Client
2011-08-12 00:32:13 -------- d-----w- c:\users\isis\appdata\roaming\TP
2011-08-11 14:52:01 -------- d-----w- c:\users\isis\appdata\local\Google
2011-08-10 21:18:18 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 21:18:18 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 21:18:03 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 21:00:46 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-10 21:00:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 21:00:46 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-08 23:26:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-08 23:26:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-04 21:50:25 -------- d-----w- c:\users\isis\appdata\roaming\Malwarebytes
2011-08-04 21:50:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 21:50:15 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 21:50:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 21:50:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 21:31:51 -------- d-----w- c:\users\isis\appdata\roaming\AVG10
2011-08-04 21:30:19 -------- d--h--w- c:\programdata\Common Files
2011-08-04 21:25:13 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-04 21:25:13 -------- d-----w- c:\programdata\AVG10
2011-08-04 21:24:39 -------- d-----w- c:\program files\AVG
2011-08-04 17:41:09 -------- d-----w- c:\programdata\MFAData
2011-08-02 17:42:10 65536 --sha-r- c:\windows\system32\odbcad32Q.dll
2011-08-02 17:40:22 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e5ca2abb-aea3-456a-8e64-bbedea9f3e43}\mpengine.dll
.
==================== Find3M ====================
.
2011-08-22 20:25:12 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-06-12 02:55:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-11 16:22:17 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-06-11 16:21:44 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-06-11 16:21:44 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-11 16:21:44 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-11 16:21:26 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-11 16:21:26 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:22:51.92 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 6/4/2011 8:13:49 PM
System Uptime: 8/30/2011 9:14:33 AM (1 hours ago)
.
Motherboard: SHARP Corporation | | PC-AL Series
Processor: Mobile AMD Athlon(tm) 64 Processor 2700+ | PGA758 | 1603/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 121.736 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP33: 8/22/2011 4:09:58 PM - Windows Update
RP34: 8/23/2011 2:46:42 AM - Windows Update
RP35: 8/23/2011 5:48:10 PM - Windows Update
RP36: 8/29/2011 9:56:37 PM - avast! Free Antivirus Setup
RP37: 8/29/2011 10:01:16 PM - Removed Microsoft Office Click-to-Run 2010
RP38: 8/29/2011 10:57:03 PM - Installed TuneUp Utilities 2011
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 Plugin
Adobe Illustrator CS5.1
Adobe Photoshop CS5.1
Advanced SystemCare 4
DealPly
ERUNT 1.1j
FileZilla Client 3.5.0
Game Booster
Google Chrome
IObit Malware Fighter
IObit Toolbar v4.5
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 5.0 (x86 en-US)
OpenOffice.org 3.3
PDF Settings CS5
Process Hacker 2.20
Ralink Wireless LAN Card
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Smart Defrag 2
Spybot - Search & Destroy
StartNow Toolbar
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
WinPatrol
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
8/30/2011 9:36:28 AM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 9:59:49 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/29/2011 9:35:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
8/29/2011 9:35:20 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/29/2011 7:18:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/29/2011 11:35:39 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
8/29/2011 11:20:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
8/29/2011 11:20:51 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/29/2011 11:20:26 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
8/29/2011 11:02:43 PM, Error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/27/2011 4:35:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/25/2011 10:10:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
8/23/2011 9:50:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
8/23/2011 12:19:45 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).
8/23/2011 11:28:34 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7DFD0662-4948-40A9-869F-D187FE37FAB3} because another computer on the network has the same name. The server could not start.
8/23/2011 11:28:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am
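As an added example (not part of the original thread, and not DDS's own code): a small parser that turns the "Pseudo HJT Report" lines from the DDS log above into records and sorts them into orphaned registry hooks ("No File"), entries matching the toolbars the helper asks to remove in the reply below, and hosts-file overrides. The sample lines are copied from that log; the review list is an assumption built from the helper's uninstall list.

```python
import re

# Matches a COM CLSID such as {53707962-6f74-2d53-2644-206d7942484f}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Review list: product names the helper asked to uninstall later in this
# thread. Treating them as a watchlist is an assumption of this example, not
# something DDS does.
REVIEW_NAMES = ("startnow", "dealply", "iobit toolbar", "spigot")

# Constructed sample: lines copied from the "Pseudo HJT Report" section of
# the DDS log posted above (a subset, kept in DDS's own format).
SAMPLE_HJT = r"""uURLSearchHooks: H - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
Hosts: 127.0.0.1 www.spywareinfo.com
"""


def parse_hjt(text):
    """Parse DDS 'Pseudo HJT Report' lines into dicts (kind, name, clsid, path, raw)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates sections with "."
            continue
        kind, sep, rest = line.partition(": ")
        if not sep:
            continue
        m = CLSID_RE.search(rest)
        if m:
            # "<name>: {CLSID} - <path or 'No File'>"; TB lines may have no name.
            name = rest[: m.start()].rstrip(": ").strip() or None
            clsid = m.group(0).lower()
            path = rest[m.end():].lstrip(" -").strip()
        else:
            # Lines without a CLSID: "H - No File", "[Name] path args", hosts entries.
            name, clsid = None, None
            path = rest.split(" - ", 1)[1] if " - " in rest else rest
        entries.append({"kind": kind, "name": name, "clsid": clsid,
                        "path": path, "raw": line})
    return entries


def triage(entries):
    """Bucket entries: orphaned registry hooks, PUP-related, and hosts overrides."""
    findings = {"orphaned": [], "review": [], "hosts": []}
    for e in entries:
        haystack = f"{e['name'] or ''} {e['path']}".lower()
        if e["kind"] == "Hosts":
            # DDS lists hosts-file overrides; a security site pinned to
            # 127.0.0.1 is worth a look.
            findings["hosts"].append(e["raw"])
        elif e["path"] == "No File":
            # The registry still references a file that no longer exists.
            findings["orphaned"].append(e["raw"])
        elif any(n in haystack for n in REVIEW_NAMES):
            findings["review"].append(e["raw"])
    return findings


if __name__ == "__main__":
    for bucket, lines in triage(parse_hjt(SAMPLE_HJT)).items():
        print(f"== {bucket} ({len(lines)}) ==")
        for line in lines:
            print("  " + line)
```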

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 1st, 2011, 7:37 pm

Hi isis,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Advanced SystemCare 4
IObit Malware Fighter
IObit Toolbar v4.5
Java(TM) 6 Update 26
Spybot - Search & Destroy
StartNow Toolbar
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

So we are looking for the Malwarebytes log, and tell me how it went.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virtumonde and overall poor performance

Unread postby isis » September 2nd, 2011, 9:52 pm

Nothing was infected.

I also have that google redirect ad problem where sometimes I can't even get on google anymore because it's detected that it redirects me, you know what I mean right? I'm sure you do ^_^
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 3rd, 2011, 9:52 am

isis,
I notice that you have Windows 7 Enterprise version.
This is supplied to Corporations, along with a maintenance contract.
How did you get that copy of Windows?
I also notice you have an Adobe CS5 suite.
Is this computer used for business?
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for answers to my questions, and contents of the two logs from OTL.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virtumonde and overall poor performance

Unread postby isis » September 3rd, 2011, 2:16 pm

I have a wonderful friend who owns his own business and runs a radio show; he is the one who gave me this computer to use as a tool to exercise the skills I have in designing so that one day when I have mastered the skill of design, I can make it a business. But no, this is not used for a business right now. He said he had 4 already installed but had even more for Windows 7 Enterprise and so he kindly installed it on my computer.

I will do the logs right after this and if you have any other questions, ask away!
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby isis » September 3rd, 2011, 2:32 pm

OTL logfile created on: 9/3/2011 2:18:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.54% Memory free
2.37 Gb Paging File | 1.79 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.56 Gb Free Space | 82.23% Space Free | Partition Type: NTFS

Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 14:16:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\isis\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/03/15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) -- C:\Windows\System32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/11 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/02 05:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/05/13 02:58:20 | 001,303,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/03 06:10:58 | 000,013,920 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/03 06:08:40 | 000,635,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/03 06:06:08 | 000,095,768 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/03 06:03:04 | 000,230,664 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/03 05:55:38 | 000,180,640 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/05/03 05:44:54 | 000,013,288 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/02/23 21:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxsens.sys -- (ALCXSENS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 B8 2F E6 80 3A CC 01 [binary data]
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1720305724-1132477395-487832035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 09:50:40 | 000,000,000 | ---D | M]

[2011/06/11 12:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Extensions
[2011/08/30 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions
[2011/08/17 13:02:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/18 12:20:20 | 000,001,945 | ---- | M] () -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\searchplugins\bing-zugo.xml
[2011/09/02 22:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 09:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/21 09:50:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/08/19 09:52:25 | 000,436,398 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15018 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3}: DhcpNameServer = 192.168.1.254 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/30 12:14:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/30 09:50:51 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Process Hacker 2
[2011/08/29 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2011/08/29 23:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011/08/29 22:57:35 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TuneUp Software
[2011/08/29 22:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/08/29 22:56:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/08/29 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/08/29 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/08/29 22:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/24 16:01:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/24 16:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/24 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:12:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/22 16:11:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/18 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/08/18 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/18 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/08/18 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/18 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/16 10:04:05 | 000,000,000 | ---D | C] -- C:\Users\isis\Desktop\Memories
[2011/08/14 11:12:41 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\ParetoLogic
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/08/12 09:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/12 09:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 09:13:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/11 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\SoftGrid Client
[2011/08/11 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/08/11 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/11 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/11 10:52:01 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\Google
[2011/08/10 17:18:18 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/04 17:50:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Malwarebytes
[2011/08/04 17:50:16 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/04 17:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 17:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/04 17:50:11 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/04 17:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/04 17:31:51 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\AVG10
[2011/08/04 17:30:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/08/04 17:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/06/10 20:58:18 | 000,635,952 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys
[2011/06/10 20:58:18 | 000,095,768 | ---- | C] ( ) -- C:\Windows\System32\drivers\slnthal.sys
[2011/06/10 20:58:18 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\slserv.exe
[2011/06/10 20:58:18 | 000,013,920 | ---- | C] ( ) -- C:\Windows\System32\drivers\RecAgent.sys
[2011/06/10 20:58:18 | 000,013,288 | ---- | C] ( ) -- C:\Windows\System32\drivers\slwdmsup.sys
[2011/06/10 20:58:17 | 001,303,128 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlstrm.sys
[2011/06/10 20:58:17 | 000,230,664 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlmnt5.sys
[2011/06/10 20:58:17 | 000,180,640 | ---- | C] ( ) -- C:\Windows\System32\drivers\ntmtlfax.sys

========== Files - Modified Within 30 Days ==========

[2011/09/03 14:01:23 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/09/03 14:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 11:16:38 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/09/02 22:35:11 | 000,007,614 | ---- | M] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/09/02 22:33:19 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 22:33:19 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/02 22:23:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\EPYFNMH.job
[2011/09/02 19:22:05 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 11:00:56 | 000,002,391 | ---- | M] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/30 22:19:23 | 000,056,754 | ---- | M] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | M] () -- C:\Users\isis\Documents\quotio.png
[2011/08/29 23:30:27 | 000,001,978 | ---- | M] () -- C:\Users\isis\Desktop\Process Hacker 2.lnk
[2011/08/29 22:12:13 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/29 22:12:13 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/25 23:05:49 | 000,018,298 | ---- | M] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | M] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | M] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:16 | 000,000,296 | ---- | M] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 19:48:57 | 003,784,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/23 17:45:24 | 001,108,600 | ---- | M] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 17:37:43 | 000,007,577 | ---- | M] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:46 | 000,009,996 | ---- | M] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 02:46:01 | 000,000,344 | ---- | M] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/22 16:25:12 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/08/18 12:21:38 | 000,001,946 | ---- | M] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:49 | 000,012,060 | ---- | M] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:24 | 000,203,224 | ---- | M] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:41:14 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/10 17:18:18 | 003,967,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/04 17:50:16 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 17:36:14 | 126,853,854 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare

========== Files Created - No Company Name ==========

[2011/08/30 22:19:22 | 000,056,754 | ---- | C] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | C] () -- C:\Users\isis\Documents\quotio.png
[2011/08/29 23:30:27 | 000,001,978 | ---- | C] () -- C:\Users\isis\Desktop\Process Hacker 2.lnk
[2011/08/25 23:05:48 | 000,018,298 | ---- | C] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | C] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | C] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:15 | 000,000,296 | ---- | C] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 17:37:43 | 000,007,577 | ---- | C] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:45 | 000,009,996 | ---- | C] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 13:26:47 | 001,108,600 | ---- | C] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 02:46:01 | 000,000,344 | ---- | C] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/18 12:21:38 | 000,001,946 | ---- | C] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:48 | 000,012,060 | ---- | C] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:38 | 000,203,224 | ---- | C] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:48:23 | 000,007,614 | ---- | C] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/08/11 10:53:42 | 000,002,391 | ---- | C] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/11 10:52:03 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/08/11 10:52:02 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/08/10 19:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 17:50:16 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/04 17:33:07 | 126,853,854 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm.prepare
[2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
[2011/06/16 18:58:36 | 000,000,132 | ---- | C] () -- C:\Users\isis\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 16:20:17 | 000,001,456 | ---- | C] () -- C:\Users\isis\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/13 09:04:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/13 09:02:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/11 23:27:34 | 000,001,048 | ---- | C] () -- C:\Windows\System32\drivers\alcxinit.dat
[2011/06/11 23:22:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\test.dll
[2011/06/10 20:58:18 | 000,196,608 | ---- | C] () -- C:\Windows\System32\slextspk.dll
[2011/06/10 20:58:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SLGen.dll
[2011/06/10 20:58:18 | 000,024,576 | ---- | C] () -- C:\Windows\slrundll.exe
[2011/06/10 20:58:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,784,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

========== LOP Check ==========

[2011/08/04 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\AVG10
[2011/06/15 22:08:16 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/15 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/12 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/18 14:09:21 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/07/05 10:23:53 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\Foxit Software
[2011/08/17 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\IObit
[2011/08/14 11:12:41 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\ParetoLogic
[2011/08/30 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\Process Hacker 2
[2011/08/29 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/06/24 11:00:43 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/11 20:39:23 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/29 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\TuneUp Software
[2011/08/29 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\EPYFNMH.job
[2009/07/14 00:53:46 | 000,022,142 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

---------------------

OTL Extras logfile created on: 9/3/2011 2:18:22 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 73.54% Memory free
2.37 Gb Paging File | 1.79 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.56 Gb Free Space | 82.23% Space Free | Partition Type: NTFS

Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ERUNT_is1" = ERUNT 1.1j
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Process_Hacker2_is1" = Process Hacker 2.20

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1720305724-1132477395-487832035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.0
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2011 8:45:49 PM | Computer Name = isis-PC | Source = Application Virtualization Client | ID = 6001
Description =

Error - 8/12/2011 10:47:40 AM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/15/2011 5:19:17 PM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/16/2011 10:03:14 PM | Computer Name = isis-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/17/2011 1:31:16 PM | Computer Name = isis-PC | Source = Application Hang | ID = 1002
Description = The program Illustrator.exe version 15.1.0.39 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3f0 Start
Time: 01cc5cf10bfca77c Termination Time: 287 Application Path: C:\Program Files\Adobe\Adobe
Illustrator CS5.1\Support Files\Contents\Windows\Illustrator.exe Report Id: 9ecaef82-c8f6-11e0-b05f-0040d0638be2


Error - 8/19/2011 3:16:15 PM | Computer Name = isis-PC | Source = IMFservice | ID = 0
Description =

Error - 8/19/2011 3:16:15 PM | Computer Name = isis-PC | Source = IMFservice | ID = 0
Description =

Error - 8/22/2011 5:37:35 PM | Computer Name = isis-PC | Source = ESENT | ID = 215
Description = WinMail (2332) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 8/23/2011 12:19:38 AM | Computer Name = isis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ToolbarUpdaterService.exe, version: 0.0.0.0,
time stamp: 0x4e205299 Faulting module name: msxml3.dll, version: 8.110.7601.17514,
time stamp: 0x4ce7b8e9 Exception code: 0xc0000005 Fault offset: 0x00032531 Faulting
process id: 0x14c Faulting application start time: 0x01cc611310699bb2 Faulting application
path: C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe Faulting module
path: C:\Windows\System32\msxml3.dll Report Id: 1d478391-cd3f-11e0-849a-0040d0638be2

Error - 8/29/2011 10:02:01 PM | Computer Name = isis-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 8/31/2011 9:59:06 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2011 9:12:41 AM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2011 5:02:29 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2011 5:48:22 PM | Computer Name = isis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:46:36 PM on 9/1/2011 was unexpected.

Error - 9/1/2011 5:48:11 PM | Computer Name = isis-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 9/1/2011 5:48:28 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7001
Description = The SBSD Security Center Service service depends on the Security Center
service which failed to start because of the following error: %%1058

Error - 9/1/2011 5:48:29 PM | Computer Name = isis-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 9/1/2011 5:49:11 PM | Computer Name = isis-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/1/2011 6:40:49 PM | Computer Name = isis-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:30:11 PM on 9/1/2011 was unexpected.

Error - 9/1/2011 6:40:38 PM | Computer Name = isis-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby isis » September 3rd, 2011, 2:41 pm

Wow, from what I understand...my log is not so good but it shouldn't be too difficult to fix.

(Also, do you guys accept donations for your work?)

(there's a google bot looking at this page, what the?)
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 3rd, 2011, 4:49 pm

isis,
There is NO problem with the Google bot. Google has computers that search the contents of public websites to bring you the latest information about anything.
(It also allows us to look at what others are doing to fix infections like yours)
The same goes for bots from Yahoo and others. No harm at all.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Process Hacker

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    [2011/08/18 12:20:20 | 000,001,945 | ---- | M] () -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\searchplugins\bing-zugo.xml
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2011/08/29 22:57:35 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TuneUp Software
    [2011/08/29 22:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
    [2011/08/29 22:56:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2011/08/29 23:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
    [2011/08/29 23:30:26 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
    [2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\ParetoLogic
    [2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/08/12 09:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2011/08/17 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\IObit
    [2011/08/12 09:16:09 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\ParetoLogic
    [2011/08/30 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\Process Hacker 2
    [2011/08/29 22:57:36 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\TuneUp Software
    [2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\EPYFNMH.job
    [2011/08/04 17:31:51 | 000,000,000 | ---D | M] -- C:\Users\isis\AppData\Roaming\AVG10
    [2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/08/04 17:25:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
    [2011/08/04 17:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

So we are looking for the results (contents of OTL.txt) from OTL, and the contents of SystemLook.txt.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
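An added example for this thread, not code from the post, from OTL or from SystemLook: a small Python parser for the OTL entry lines quoted in these logs, with two look-closer rules (a hidden+system .job under C:\Windows\Tasks, like EPYFNMH.job above, and a binary under C:\Windows whose company column is blank) and a SystemLook-style wildcard :filefind over the parsed paths. The sample lines are constructed from formats in this thread and both rules are this example's own; a hit means the entry deserves a look, not that it is malicious.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatchcase
from typing import List, Optional

# Constructed sample in the line formats OTL prints in the logs above
# (file/folder entries plus PRC/SRV/DRV process, service and driver entries).
SAMPLE_LOG = """\
========== LOP Check ==========
[2011/08/04 17:31:51 | 000,000,000 | ---D | M] -- C:\\Users\\isis\\AppData\\Roaming\\AVG10
[2011/08/17 13:42:09 | 000,000,000 | ---D | M] -- C:\\Users\\isis\\AppData\\Roaming\\IObit
[2011/09/02 19:22:27 | 000,000,314 | -HS- | M] () -- C:\\Windows\\Tasks\\EPYFNMH.job
[2009/07/14 00:53:46 | 000,022,142 | ---- | M] () -- C:\\Windows\\Tasks\\SCHEDLGU.TXT
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\tzres.dll
PRC - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) -- C:\\Windows\\System32\\slserv.exe
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamservice.exe -- (MBAMService)
DRV - [2004/05/03 06:10:58 | 000,013,920 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\\Windows\\system32\\DRIVERS\\RecAgent.sys -- (RecAgent)
< End of report >
"""

# One OTL entry: [timestamp | size | attributes | C/M] (company) [state] -- path -- (service)
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # "()" or "( )" means no company name
    r"(?: \[(?P<state>[^\]]*)\])?"    # SRV/DRV start type and running state
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"  # SRV/DRV short service name
)

@dataclass
class Entry:
    kind: str                 # "FILE" for plain file/folder lines, else PRC/SRV/DRV/MOD
    timestamp: datetime
    size: int
    attrs: str                # OTL attribute column, e.g. "-HS-" or "---D"
    event: str                # C = created, M = modified
    company: Optional[str]    # None when OTL printed no company field at all
    path: str
    service: Optional[str]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def blank_company(self) -> bool:
        # Company field present but empty: the "()" / "( )" cases in the logs above.
        return self.company is not None and self.company.strip() == ""

def parse_entries(text: str) -> List[Entry]:
    """Parse every OTL entry line; section headers, O-lines and the trailer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m.group("kind") or "FILE",
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attr"),
            event=m.group("event"),
            company=m.group("company"),
            path=m.group("path"),
            service=m.group("svc"),
        ))
    return entries

BINARY_EXT = (".exe", ".dll", ".sys", ".job")

def triage(entries: List[Entry]) -> List[str]:
    """Two mechanical look-closer rules (this example's own, not OTL's); returns reasons."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if e.hidden_system and low.endswith(".job"):
            findings.append(f"hidden+system scheduled task: {e.path}")
        elif e.blank_company and low.endswith(BINARY_EXT) and "\\windows\\" in low:
            findings.append(f"system binary with blank company name: {e.path}")
    return findings

def filefind(entries: List[Entry], patterns: List[str]) -> List[str]:
    """SystemLook-style :filefind/:folderfind wildcards, case-insensitive, on the last path component."""
    pats = [p.lower() for p in patterns]
    return [e.path for e in entries
            if any(fnmatchcase(e.path.rsplit("\\", 1)[-1].lower(), p) for p in pats)]
```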

Re: Virtumonde and overall poor performance

Unread postby isis » September 4th, 2011, 12:40 pm

OTL logfile created on: 9/4/2011 12:13:46 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.75 Gb Available Physical Memory | 63.50% Memory free
2.37 Gb Paging File | 1.84 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 122.75 Gb Free Space | 82.36% Space Free | Partition Type: NTFS

Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 14:16:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\isis\Downloads\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) -- C:\Windows\System32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/11 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/02 05:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/05/13 02:58:20 | 001,303,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/03 06:10:58 | 000,013,920 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/03 06:08:40 | 000,635,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/03 06:06:08 | 000,095,768 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/03 06:03:04 | 000,230,664 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/03 05:55:38 | 000,180,640 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/05/03 05:44:54 | 000,013,288 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/02/23 21:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxsens.sys -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 B8 2F E6 80 3A CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 09:50:40 | 000,000,000 | ---D | M]

[2011/06/11 12:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Extensions
[2011/08/30 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions
[2011/08/17 13:02:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/02 22:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 09:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/21 09:50:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/08/19 09:52:25 | 000,436,398 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15018 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3}: DhcpNameServer = 192.168.1.254 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/04 12:06:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/30 12:14:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/29 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/08/29 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/08/29 22:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/08/24 16:01:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/24 16:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/24 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:12:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/22 16:11:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/18 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/08/18 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/18 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/08/18 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/18 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/16 10:04:05 | 000,000,000 | ---D | C] -- C:\Users\isis\Desktop\Memories
[2011/08/14 11:12:41 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/12 09:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/08/12 09:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 09:13:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/11 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\SoftGrid Client
[2011/08/11 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/08/11 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/11 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/11 10:52:01 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\Google
[2011/08/10 17:18:18 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/08 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/10 20:58:18 | 000,635,952 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys
[2011/06/10 20:58:18 | 000,095,768 | ---- | C] ( ) -- C:\Windows\System32\drivers\slnthal.sys
[2011/06/10 20:58:18 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\slserv.exe
[2011/06/10 20:58:18 | 000,013,920 | ---- | C] ( ) -- C:\Windows\System32\drivers\RecAgent.sys
[2011/06/10 20:58:18 | 000,013,288 | ---- | C] ( ) -- C:\Windows\System32\drivers\slwdmsup.sys
[2011/06/10 20:58:17 | 001,303,128 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlstrm.sys
[2011/06/10 20:58:17 | 000,230,664 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlmnt5.sys
[2011/06/10 20:58:17 | 000,180,640 | ---- | C] ( ) -- C:\Windows\System32\drivers\ntmtlfax.sys

========== Files - Modified Within 30 Days ==========

[2011/09/04 12:15:41 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 12:15:41 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/04 12:08:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/04 12:08:21 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/04 11:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/09/04 10:57:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/09/03 16:30:17 | 000,002,391 | ---- | M] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/09/02 22:35:11 | 000,007,614 | ---- | M] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/09/02 22:23:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/30 22:19:23 | 000,056,754 | ---- | M] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | M] () -- C:\Users\isis\Documents\quotio.png
[2011/08/29 22:12:13 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/29 22:12:13 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/25 23:05:49 | 000,018,298 | ---- | M] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | M] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | M] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:16 | 000,000,296 | ---- | M] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 19:48:57 | 003,784,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/23 17:45:24 | 001,108,600 | ---- | M] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 17:37:43 | 000,007,577 | ---- | M] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:46 | 000,009,996 | ---- | M] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 02:46:01 | 000,000,344 | ---- | M] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/22 16:25:12 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/08/18 12:21:38 | 000,001,946 | ---- | M] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:49 | 000,012,060 | ---- | M] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:24 | 000,203,224 | ---- | M] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:41:14 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/10 17:18:18 | 003,967,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

========== Files Created - No Company Name ==========

[2011/08/30 22:19:22 | 000,056,754 | ---- | C] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | C] () -- C:\Users\isis\Documents\quotio.png
[2011/08/25 23:05:48 | 000,018,298 | ---- | C] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | C] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | C] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:15 | 000,000,296 | ---- | C] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 17:37:43 | 000,007,577 | ---- | C] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:45 | 000,009,996 | ---- | C] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 13:26:47 | 001,108,600 | ---- | C] () -- C:\Users\isis\Desktop\NOIRET.ai
[2011/08/23 02:46:01 | 000,000,344 | ---- | C] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/18 12:21:38 | 000,001,946 | ---- | C] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:48 | 000,012,060 | ---- | C] () -- C:\Users\isis\Documents\neal.png
[2011/08/15 08:59:38 | 000,203,224 | ---- | C] () -- C:\Users\isis\Desktop\1929.6.115_1a.jpg
[2011/08/11 23:48:23 | 000,007,614 | ---- | C] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/08/11 10:53:42 | 000,002,391 | ---- | C] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/11 10:52:03 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/08/11 10:52:02 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/08/10 19:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
[2011/06/16 18:58:36 | 000,000,132 | ---- | C] () -- C:\Users\isis\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 16:20:17 | 000,001,456 | ---- | C] () -- C:\Users\isis\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/13 09:04:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/13 09:02:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/11 23:27:34 | 000,001,048 | ---- | C] () -- C:\Windows\System32\drivers\alcxinit.dat
[2011/06/11 23:22:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\test.dll
[2011/06/10 20:58:18 | 000,196,608 | ---- | C] () -- C:\Windows\System32\slextspk.dll
[2011/06/10 20:58:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SLGen.dll
[2011/06/10 20:58:18 | 000,024,576 | ---- | C] () -- C:\Windows\slrundll.exe
[2011/06/10 20:58:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,784,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll

< End of report >


SystemLook 30.07.11 by jpshortstuff
Log created at 12:23 on 04/09/2011 by isis
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am
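An added example, not part of OTL or of any post in this thread: a small Python parser for the file-listing lines in the OTL report above ("[timestamp | size | attributes | C/M] (Company) -- path"), with a couple of illustrative triage rules layered on top. The rules (executables under C:\Windows whose version info carries no company name, and among those any with hidden or system attributes) are the example's own assumptions, not OTL's logic; a flagged path only means "worth a closer look by the helper", never a verdict. Sample input is a handful of lines copied from the report above.

```python
"""Parser and triage helper for the OTL file-listing format used in the
report above.  Added example for this thread; it is not part of OTL or of
the original post, and the triage rules are the example's own assumptions.
A flagged entry only means "worth a closer look", not "malicious".
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Shape of one OTL entry (two real lines from the report above):
#   [2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
#   [2011/09/04 12:06:40 | 000,000,000 | ---D | C] -- C:\_OTL
# Fields: timestamp | size (comma-grouped) | attribute flags R/H/S/D | C(reated)/M(odified),
# then an optional "(Company)" block (absent on directory lines) and the path.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Extensions treated as executable code for the triage rules (assumption of this example).
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl")
WINDOWS_DIRS = ("c:\\windows\\",)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four flag columns: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
    kind: str       # 'C' in the "Created" lists, 'M' in the "Modified" list
    company: str    # '' when OTL printed "()" or "( )", i.e. no company in the version info
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; return None for headers, blank lines or other formats."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def parse_report(text: str) -> List[OtlEntry]:
    """Parse every recognisable entry line in a pasted OTL section."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an entry deserves review (example heuristics, not OTL's own logic)."""
    reasons: List[str] = []
    low = entry.path.lower()
    if entry.is_dir or not low.endswith(EXECUTABLE_EXTS):
        return reasons
    if low.startswith(WINDOWS_DIRS) and not entry.company:
        reasons.append("executable under C:\\Windows with no company in its version info")
        if entry.hidden_or_system:
            reasons.append(f"also carries hidden/system attributes ({entry.attrs})")
    return reasons


def review(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, skipping entries with nothing notable."""
    result: Dict[str, List[str]] = {}
    for e in parse_report(text):
        r = triage(e)
        if r:
            result[e.path] = r
    return result


# Sample input: lines copied from the OTL report above (one section header included
# to show that non-entry lines are ignored).
SAMPLE = r"""
========== Files Created - No Company Name ==========

[2011/09/04 12:06:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/06/10 20:58:18 | 000,635,952 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys
[2011/08/11 23:41:14 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
[2011/06/11 23:22:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\test.dll
"""

if __name__ == "__main__":
    for path, reasons in review(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run on the sample, the helper lists three paths for review and stays silent on the Microsoft-signed files and the directory and .ini entries; a no-company driver such as the modem .sys file is flagged too, which is exactly why the output is a review queue and not a removal list.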

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 5th, 2011, 10:34 am

isis,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    :Services
    SwitchBoard
    
    :Files
    C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop.
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan and delete anything it finds.

So we are looking for the new OTL log, and tell me about the installation/scan with Microsoft Security Essentials.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virtumonde and overall poor performance

Unread postby isis » September 5th, 2011, 11:08 pm

Okay so, each time I try to open Microsoft Security Essentials, it closes itself.

{update} Tried uninstalling and reinstalling; still flicking on and off after a half second. I'm going to reboot and if that doesn't work I will try it in safe mode.

For some reason, I'm just about 100 percent positive that my operating system is indeed Windows 7 64bit, but that install for MSE did not work while the 32bit one did. Perhaps that has something to do with it, I don't know.

>_<

http://www.microsoft.com/en-us/security ... a4a87.aspx

After reading this, I will try installing with Internet Explorer, then proceed with the above course of action.
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 6th, 2011, 8:39 am

It may be that MSSE is not available for Win7 Enterprise, since MSSE targets home users.
(This kind of thing is one reason we don't normally work on Enterprise edition).
The Avira and AVG free versions have junk toolbars bundled along, and are not the best idea.
The only other free AV that is junk-free is Avast; see here: http://www.avast.com/free-antivirus-download
Good paid AVs are Kaspersky and Eset.
Decide on which product to use; download and install immediately.

Don't surf while you are deciding, or we may have more work to do.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virtumonde and overall poor performance

Unread postby isis » September 6th, 2011, 12:11 pm

Oh....okay. Well, I booted in Safe Mode with networking and it worked and there were no threats.

But I agree that I should get another one.
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am

Re: Virtumonde and overall poor performance

Unread postby askey127 » September 6th, 2011, 1:54 pm

Tell me if you still have the "redirects" problem, or if it's OK now.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virtumonde and overall poor performance

Unread postby isis » September 7th, 2011, 10:07 am

Should I do quick or full scan with Avast?

Yes, I do (still) have a redirect problem, but it's really sporadic and only does it sometimes.

I did a quick scan last night and nothing came up. Also I had Avast when I first had the computer and some problems and it never found anything unless I was in Safe Mode.
isis
Active Member
 
Posts: 11
Joined: August 30th, 2011, 10:03 am