Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Virtumonde and overall poor performance

Re: Virtumonde and overall poor performance

Post by askey127 » September 7th, 2011, 2:23 pm

isis,
I would let it do a full scan, but it may take a while.
You can do it either before or after the items below.

Let's clear the redirects that have been saved up.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know if you are still getting redirects.
askey127
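
The `:OTL` line in the fix above is an entry that a scan log marked "File not found". As an added example (not part of the original post and not OTL's own code), the Python below sorts registry-style OTL log lines into present, default-value and review entries; the function names and the `BENIGN_DEFAULTS` list are this example's assumptions.

```python
import re

# Sample lines in the OTL log layout, embedded so the example runs offline.
# The first is the entry from the fix above; treat the set as test input only.
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [SwitchBoard] File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# Registry-style entries start with IE, FF or an O<number> tag, then " - ".
LINE_RE = re.compile(r"^(?P<tag>IE|FF|O\d+) - (?P<text>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption of this example: these values are Windows defaults that are not
# file paths, so the scanner reports them as missing files. They are not
# orphans and should not be copied into a fix.
BENIGN_DEFAULTS = (
    ("O34", "(autocheck autochk *)"),
    ("O20", "VMApplet - (/pagefile)"),
)


def parse_line(line):
    """Parse one log line; return None for lines that are not registry entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tag, text = m.group("tag"), m.group("text")
    clsid = CLSID_RE.search(text)
    if "File not found" not in text:
        verdict = "present"          # target file exists on disk
    elif any(tag == t and marker in text for t, marker in BENIGN_DEFAULTS):
        verdict = "default-value"    # known default, leave alone
    else:
        verdict = "review"           # orphaned entry: a human decides what to do
    return {
        "tag": tag,
        "clsid": clsid.group(0) if clsid else None,
        "text": text,
        "verdict": verdict,
    }


def triage(log_text):
    """Return parsed entries for every registry-style line in the log."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


def review_candidates(log_text):
    """Return (tag, CLSID or full text) for entries that need a human look."""
    return [
        (e["tag"], e["clsid"] or e["text"])
        for e in triage(log_text)
        if e["verdict"] == "review"
    ]


if __name__ == "__main__":
    for tag, ident in review_candidates(SAMPLE_LOG):
        print(f"{tag:>3}  {ident}")
```

A "review" result only means the entry points at a missing file; whether it is a leftover from uninstalled software or from malware is still the helper's call.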

Re: Virtumonde and overall poor performance

Post by isis » September 8th, 2011, 12:50 pm

OTL logfile created on: 9/8/2011 12:26:40 PM - Run 5
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\isis\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.19 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 50.15% Memory free
2.37 Gb Paging File | 1.66 Gb Available in Paging File | 69.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.08 Gb Free Space | 85.26% Space Free | Partition Type: NTFS

Computer Name: ISIS-PC | User Name: isis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/03 14:16:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\isis\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/15 15:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) -- C:\Windows\System32\slserv.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/03 08:28:23 | 000,400,440 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 08:28:22 | 004,118,072 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 08:26:51 | 000,104,520 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 08:26:49 | 000,203,848 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 08:26:48 | 001,846,344 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 06:35:01 | 006,338,720 | ---- | M] () -- C:\Users\isis\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/05/22 13:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/04/14 21:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/11 23:36:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/07/26 00:38:28 | 000,045,056 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/06/02 05:37:58 | 000,236,800 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [2004/05/13 02:58:20 | 001,303,128 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/05/03 06:10:58 | 000,013,920 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/05/03 06:08:40 | 000,635,952 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/05/03 06:06:08 | 000,095,768 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/05/03 06:03:04 | 000,230,664 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/05/03 05:55:38 | 000,180,640 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/05/03 05:44:54 | 000,013,288 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/02/23 21:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcxsens.sys -- (ALCXSENS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 F5 7F 7C 44 6C CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isis\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/06 20:40:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/21 09:50:40 | 000,000,000 | ---D | M]

[2011/06/11 12:26:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Extensions
[2011/08/30 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions
[2011/08/17 13:02:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\isis\AppData\Roaming\Mozilla\Firefox\Profiles\q9905z3n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/02 22:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/12 09:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/06 20:40:53 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/07/21 09:50:39 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/08/19 09:52:25 | 000,436,398 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15018 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26E8A79F-0978-43D9-B816-75A3C529E62D}: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DFD0662-4948-40A9-869F-D187FE37FAB3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 14:26:43 | 000,000,000 | ---D | C] -- C:\Users\isis\Documents\New folder
[2011/09/07 14:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/07 14:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/06 21:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/09/06 21:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/09/06 20:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/09/06 20:41:22 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/09/06 20:41:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/09/06 20:41:15 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/09/06 20:41:13 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/09/06 20:41:11 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/09/06 20:41:09 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/09/06 20:40:48 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/09/06 20:40:48 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/09/06 12:24:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/09/04 12:06:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/03 14:16:26 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\isis\Desktop\OTL.exe
[2011/08/30 12:14:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/08/29 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\WinPatrol
[2011/08/29 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/08/29 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2011/08/24 16:01:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/24 16:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/08/24 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/23 14:41:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/22 16:12:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/08/22 16:11:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/18 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\FileZilla
[2011/08/18 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011/08/18 12:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011/08/18 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/08/18 12:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/08/14 11:12:41 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\OpenOffice.org
[2011/08/12 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\DriverCure
[2011/08/12 09:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/12 09:13:15 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/11 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\SoftGrid Client
[2011/08/11 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\SoftGrid Client
[2011/08/11 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\TP
[2011/08/11 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/11 10:52:01 | 000,000,000 | ---D | C] -- C:\Users\isis\AppData\Local\Google
[2011/08/10 17:18:18 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/10 20:58:18 | 000,635,952 | ---- | C] ( ) -- C:\Windows\System32\drivers\slntamr.sys
[2011/06/10 20:58:18 | 000,095,768 | ---- | C] ( ) -- C:\Windows\System32\drivers\slnthal.sys
[2011/06/10 20:58:18 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\slserv.exe
[2011/06/10 20:58:18 | 000,013,920 | ---- | C] ( ) -- C:\Windows\System32\drivers\RecAgent.sys
[2011/06/10 20:58:18 | 000,013,288 | ---- | C] ( ) -- C:\Windows\System32\drivers\slwdmsup.sys
[2011/06/10 20:58:17 | 001,303,128 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlstrm.sys
[2011/06/10 20:58:17 | 000,230,664 | ---- | C] ( ) -- C:\Windows\System32\drivers\mtlmnt5.sys
[2011/06/10 20:58:17 | 000,180,640 | ---- | C] ( ) -- C:\Windows\System32\drivers\ntmtlfax.sys

========== Files - Modified Within 30 Days ==========

[2011/09/08 12:30:12 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 12:30:12 | 000,014,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/08 12:24:36 | 000,001,245 | ---- | M] () -- C:\Users\isis\Desktop\notepad.lnk
[2011/09/08 12:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/08 12:19:29 | 955,949,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/07 23:28:44 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/09/07 20:11:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/07 20:11:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/07 14:24:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/06 20:41:23 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/06 20:41:09 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/09/06 12:29:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/06 12:07:27 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/09/04 12:22:08 | 000,139,264 | ---- | M] () -- C:\Users\isis\Desktop\SystemLook.exe
[2011/09/03 16:30:17 | 000,002,391 | ---- | M] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/09/03 14:16:29 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\isis\Desktop\OTL.exe
[2011/09/02 22:35:11 | 000,007,614 | ---- | M] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/09/02 22:23:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/08/30 22:19:23 | 000,056,754 | ---- | M] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | M] () -- C:\Users\isis\Documents\quotio.png
[2011/08/25 23:05:49 | 000,018,298 | ---- | M] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | M] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | M] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:16 | 000,000,296 | ---- | M] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 19:48:57 | 003,784,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/23 17:37:43 | 000,007,577 | ---- | M] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:46 | 000,009,996 | ---- | M] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 02:46:01 | 000,000,344 | ---- | M] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/22 16:25:12 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/08/18 12:21:38 | 000,001,946 | ---- | M] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:49 | 000,012,060 | ---- | M] () -- C:\Users\isis\Documents\neal.png
[2011/08/11 23:41:14 | 000,000,147 | ---- | M] () -- C:\Windows\wininit.ini
[2011/08/10 17:18:18 | 003,967,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/10 17:18:18 | 003,912,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/10 17:01:57 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/08/10 17:01:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/08/10 17:01:57 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/08/10 17:01:57 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/08/10 17:01:57 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/08/10 17:01:42 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/08/10 17:01:42 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/10 17:01:42 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 17:01:42 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 17:01:42 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 17:01:42 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 17:00:47 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/08/10 17:00:47 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/10 17:00:46 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/10 17:00:46 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/10 17:00:46 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

========== Files Created - No Company Name ==========

[2011/09/08 12:24:36 | 000,001,245 | ---- | C] () -- C:\Users\isis\Desktop\notepad.lnk
[2011/09/07 14:24:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/06 20:41:23 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/09/05 23:01:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/04 12:22:06 | 000,139,264 | ---- | C] () -- C:\Users\isis\Desktop\SystemLook.exe
[2011/08/30 22:19:22 | 000,056,754 | ---- | C] () -- C:\Users\isis\Documents\102.png
[2011/08/30 16:52:10 | 000,011,315 | ---- | C] () -- C:\Users\isis\Documents\quotio.png
[2011/08/25 23:05:48 | 000,018,298 | ---- | C] () -- C:\Users\isis\Documents\NOIRET.png
[2011/08/24 16:01:09 | 000,000,894 | ---- | C] () -- C:\Users\isis\Desktop\NTREGOPT.lnk
[2011/08/24 16:01:09 | 000,000,875 | ---- | C] () -- C:\Users\isis\Desktop\ERUNT.lnk
[2011/08/24 01:42:15 | 000,000,296 | ---- | C] () -- C:\Users\isis\Documents\dd.rtf
[2011/08/23 17:37:43 | 000,007,577 | ---- | C] () -- C:\Users\isis\Documents\brave.png
[2011/08/23 17:02:45 | 000,009,996 | ---- | C] () -- C:\Users\isis\Documents\noiret2.png
[2011/08/23 02:46:01 | 000,000,344 | ---- | C] () -- C:\Users\isis\Documents\Document.rtf
[2011/08/18 12:21:38 | 000,001,946 | ---- | C] () -- C:\Users\isis\Desktop\FileZilla Client.lnk
[2011/08/17 11:39:48 | 000,012,060 | ---- | C] () -- C:\Users\isis\Documents\neal.png
[2011/08/11 23:48:23 | 000,007,614 | ---- | C] () -- C:\Users\isis\AppData\Local\resmon.resmoncfg
[2011/08/11 10:53:42 | 000,002,391 | ---- | C] () -- C:\Users\isis\Desktop\Google Chrome.lnk
[2011/08/11 10:52:03 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000UA.job
[2011/08/11 10:52:02 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1720305724-1132477395-487832035-1000Core.job
[2011/08/10 19:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/02 13:42:10 | 000,065,536 | RHS- | C] () -- C:\Windows\System32\odbcad32Q.dll
[2011/06/16 18:58:36 | 000,000,132 | ---- | C] () -- C:\Users\isis\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/06/16 16:20:17 | 000,001,456 | ---- | C] () -- C:\Users\isis\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/06/13 09:04:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/13 09:02:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/11 23:27:34 | 000,001,048 | ---- | C] () -- C:\Windows\System32\drivers\alcxinit.dat
[2011/06/11 23:22:21 | 000,086,016 | ---- | C] () -- C:\Windows\System32\test.dll
[2011/06/10 20:58:18 | 000,196,608 | ---- | C] () -- C:\Windows\System32\slextspk.dll
[2011/06/10 20:58:18 | 000,163,840 | ---- | C] () -- C:\Windows\System32\SLGen.dll
[2011/06/10 20:58:18 | 000,024,576 | ---- | C] () -- C:\Windows\slrundll.exe
[2011/06/10 20:58:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\coinst.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,784,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll

< End of report >


No idea if I'm getting redirects, I'm browsing in incognito as much as possible...

I don't know but my registry could have some problems because of Advanced System Care.

Re: Virtumonde and overall poor performance

Post by askey127 » September 9th, 2011, 8:03 am

The Tune Up Utilities, or any of the IObit programs, like Advanced System Care, could cause problems, since it's not likely that any of them were tested with an Enterprise version of Windows.
Any Registry cleaner/booster is risky in the best of situations, and best avoided.
We will not be able to correct any problem of that sort on this forum.

Your machine does look free of malware now, based on the scans we have run.

Re: Virtumonde and overall poor performance

Post by isis » September 9th, 2011, 12:07 pm

Thank you for your help - I'll be making a donation sometime this weekend.

Re: Virtumonde and overall poor performance

Post by askey127 » September 10th, 2011, 4:24 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.