
Win 7 Trojan:DOS/Alureon.A

Discussion in 'Virus and Malware Removal' started by No1Herd, Nov 4, 2012.

  1. No1Herd Newcomer, in training Posts: 45

    When running ESET it locked up the computer, but I let it run all night; the screen was black in the morning and unresponsive. I had to reboot and now my network adapter is not working.
  2. Broni Malware Annihilator Posts: 39,252   +175

    Post new FSS log.
  3. No1Herd Newcomer, in training Posts: 45

    I'll send that to you tomorrow; I am out currently. Thanks.
  4. No1Herd Newcomer, in training Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012 (ATTENTION: FRST version is 11 days old)
    Ran by SYSTEM at 10-11-2012 17:22:27
    Running from F:\stuff
    Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    ==================== Services (Whitelisted) ===================
    4 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [79360 2011-06-08] (Autodesk)
    4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
    4 McAfeeEngineService; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe" [20792 2010-03-25] (McAfee, Inc.)
    4 McAfeeFramework; "C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)
    4 McShield; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe" [180968 2010-03-25] (McAfee, Inc.)
    4 McTaskManager; "C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2010-03-25] (McAfee, Inc.)
    2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2010-03-25] (McAfee, Inc.)
    4 mi-raysat_3dsMax2009_64; "C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe" [65536 2008-03-09] ()
    2 MsDtsServer100; "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" [210784 2011-04-23] (Microsoft Corporation)
    2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [61916000 2011-04-23] (Microsoft Corporation)
    4 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm)
    2 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -I MSSQLSERVER [428384 2011-04-23] (Microsoft Corporation)
    2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [475088 2011-09-09] (Cisco Systems, Inc.)
    ==================== Drivers (Whitelisted) =====================
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [97576 2010-03-25] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [120096 2010-03-25] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [469400 2010-03-25] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [78896 2010-03-25] (McAfee, Inc.)
    1 mfetdik; C:\Windows\System32\Drivers\mfetdik.sys [84424 2010-03-25] (McAfee, Inc.)
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-10 14:09 - 2012-11-10 14:09 - 00000000 ____D C:\FRST
    2012-11-10 11:43 - 2012-11-10 11:43 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG8
    2012-11-10 11:32 - 2012-11-10 11:36 - 00000000 ____D C:\Users\Administrator\Desktop\New folder (3)
    2012-11-08 21:11 - 2012-11-08 21:11 - 00002120 ____A C:\scu.dat
    2012-11-08 20:22 - 2012-11-08 20:22 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-11-08 20:17 - 2012-11-08 20:17 - 00448512 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
    2012-11-08 20:07 - 2012-11-08 20:07 - 00002158 ____A C:\Users\Administrator\Downloads\FSS.txt
    2012-11-08 20:05 - 2012-11-08 20:05 - 00694507 ____A (Farbar) C:\Users\Administrator\Downloads\FSS.exe
    2012-11-08 19:58 - 2012-11-08 19:58 - 00881833 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
    2012-11-08 19:52 - 2012-11-08 19:52 - 00000000 ____D C:\_OTL
    2012-11-08 06:19 - 2012-11-08 06:19 - 00108494 ____A C:\Users\Administrator\Downloads\Extras.Txt
    2012-11-08 06:19 - 2012-11-08 06:19 - 00071182 ____A C:\Users\Administrator\Downloads\OTL.Txt
    2012-11-08 06:12 - 2012-11-08 06:12 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
    2012-11-08 05:00 - 2012-11-08 05:01 - 00000582 ____A C:\Windows\wininit.ini
    2012-11-07 20:10 - 2012-11-07 20:10 - 00040552 ____A C:\ComboFix.txt
    2012-11-07 20:02 - 2012-11-07 20:10 - 00000000 ____D C:\Qoobox
    2012-11-07 20:02 - 2012-11-07 20:08 - 00000000 ____D C:\Windows\erdnt
    2012-11-07 20:02 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-11-07 20:02 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-11-07 20:02 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-11-07 20:02 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-11-07 19:59 - 2012-11-06 17:47 - 04997881 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-11-07 19:21 - 2012-11-07 19:21 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
    2012-11-07 19:20 - 2012-11-07 19:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 19:20 - 2012-11-07 19:20 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-07 19:20 - 2012-11-07 19:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-07 19:20 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-07 19:18 - 2012-11-07 19:19 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002865 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_11072012_02d2209.txt
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002800 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_11072012_02d2209.txt
    2012-11-07 19:08 - 2012-11-07 19:08 - 00662016 ____A C:\Users\Administrator\Downloads\RogueKiller.exe
    2012-11-07 19:07 - 2012-11-07 19:09 - 00000000 ____D C:\Users\Administrator\Desktop\RK_Quarantine
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-05 17:59 - 2012-11-06 19:40 - 00000000 ____D C:\Stuff
    2012-11-04 20:59 - 2012-11-04 21:00 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:54 - 2012-11-04 06:24 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:35 - 2012-11-04 13:34 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:10 - 2012-11-04 13:09 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:03 - 2012-11-04 13:01 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:29 - 2012-11-04 12:56 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-03 13:48 - 2012-11-03 13:48 - 00000000 ____D C:\Windows\pss
    2012-11-03 13:40 - 2012-11-08 17:30 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-03 13:39 - 2012-11-03 13:40 - 00000000 ____D C:\d2f0698d88b3cc6c3cb9a2
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-18 18:11 - 2012-10-18 18:15 - 00000000 ____D C:\Program Files (x86)\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:12 - 00000000 ____D C:\Users\Administrator\Documents\e-Sword
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 17:58 - 2012-10-18 18:09 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    ==================== 3 Months Modified Files ==================
    2012-11-10 14:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-10 14:13 - 2009-07-13 20:51 - 00056748 ____A C:\Windows\setupact.log
    2012-11-10 14:11 - 2011-02-08 08:38 - 02093450 ____A C:\Windows\WindowsUpdate.log
    2012-11-10 14:11 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-10 14:11 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-10 14:09 - 2009-07-13 21:13 - 00877772 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-08 21:11 - 2012-11-08 21:11 - 00002120 ____A C:\scu.dat
    2012-11-08 20:17 - 2012-11-08 20:17 - 00448512 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
    2012-11-08 20:07 - 2012-11-08 20:07 - 00002158 ____A C:\Users\Administrator\Downloads\FSS.txt
    2012-11-08 20:05 - 2012-11-08 20:05 - 00694507 ____A (Farbar) C:\Users\Administrator\Downloads\FSS.exe
    2012-11-08 19:58 - 2012-11-08 19:58 - 00881833 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
    2012-11-08 19:53 - 2011-02-08 11:01 - 00214136 ____A C:\Windows\PFRO.log
    2012-11-08 17:30 - 2012-11-03 13:40 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-11-08 06:19 - 2012-11-08 06:19 - 00108494 ____A C:\Users\Administrator\Downloads\Extras.Txt
    2012-11-08 06:19 - 2012-11-08 06:19 - 00071182 ____A C:\Users\Administrator\Downloads\OTL.Txt
    2012-11-08 06:12 - 2012-11-08 06:12 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
    2012-11-08 05:01 - 2012-11-08 05:00 - 00000582 ____A C:\Windows\wininit.ini
    2012-11-07 20:10 - 2012-11-07 20:10 - 00040552 ____A C:\ComboFix.txt
    2012-11-07 20:07 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-11-07 19:20 - 2012-11-07 19:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-07 19:19 - 2012-11-07 19:18 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-1.65.1.1000.exe
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002865 ____A C:\Users\Administrator\Desktop\RKreport[1]_S_11072012_02d2209.txt
    2012-11-07 19:09 - 2012-11-07 19:09 - 00002800 ____A C:\Users\Administrator\Desktop\RKreport[2]_D_11072012_02d2209.txt
    2012-11-07 19:08 - 2012-11-07 19:08 - 00662016 ____A C:\Users\Administrator\Downloads\RogueKiller.exe
    2012-11-07 18:09 - 2012-03-24 16:44 - 00022593 ____A C:\aaw7boot.log
    2012-11-07 00:45 - 2012-11-07 00:45 - 00153266 ____A C:\KasperskyRescueDisk10.txt
    2012-11-07 00:43 - 2012-11-07 00:43 - 00153091 ____A C:\KasperskyRescueDisk10
    2012-11-06 17:47 - 2012-11-07 19:59 - 04997881 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
    2012-11-04 21:00 - 2012-11-04 20:59 - 00003615 ____A C:\Users\Administrator\Desktop\FRST.txt
    2012-11-04 13:35 - 2012-11-04 13:35 - 00687724 ____A (Swearware) C:\Users\Administrator\Desktop\dds.com
    2012-11-04 13:34 - 2012-11-04 13:35 - 00302592 ____A C:\Users\Administrator\Desktop\r6yt3c6g.exe
    2012-11-04 13:09 - 2012-11-04 13:10 - 00430592 ____A C:\Users\Administrator\Desktop\RogueKiller.exe
    2012-11-04 13:01 - 2012-11-04 13:03 - 04996943 ____A (Swearware) C:\Users\Administrator\Desktop\Commy.exe
    2012-11-04 12:56 - 2012-11-04 12:29 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
    2012-11-04 06:24 - 2012-11-04 13:54 - 01459963 ____A (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
    2012-11-03 12:37 - 2012-11-03 12:37 - 543703852 ____A C:\Windows\MEMORY.DMP
    2012-11-03 12:37 - 2012-11-03 12:37 - 00280640 ____A C:\Windows\Minidump\110312-27502-01.dmp
    2012-11-02 17:55 - 2012-11-02 17:55 - 00280640 ____A C:\Windows\Minidump\110212-39671-01.dmp
    2012-11-01 15:22 - 2012-11-01 15:22 - 00280640 ____A C:\Windows\Minidump\110112-33087-01.dmp
    2012-10-31 18:31 - 2011-02-08 10:25 - 00093064 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-10-31 17:29 - 2009-07-13 20:45 - 04931480 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
    2012-10-20 06:52 - 2012-03-27 06:51 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
    2012-10-18 18:11 - 2012-10-18 18:11 - 00001945 ____A C:\Users\Public\Desktop\e-Sword.lnk
    2012-10-18 18:09 - 2012-10-18 17:58 - 53158717 ____A (Rick Meyers) C:\Users\Administrator\Downloads\setup1010.exe
    2012-10-10 23:04 - 2011-02-08 12:59 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 08:42 - 2012-10-09 08:42 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144 (1).zip
    2012-10-08 19:10 - 2012-10-08 19:10 - 00136510 ____A C:\Users\Administrator\Downloads\ak2loader (5).zip
    2012-10-08 17:38 - 2012-10-08 17:38 - 05303059 ____A C:\Users\Administrator\Downloads\AKAIO.1.9.0.zip
    2012-10-08 17:33 - 2012-10-08 17:33 - 02812153 ____A C:\Users\Administrator\Downloads\ak2ifw_update_3ds43_dsi144.zip
    2012-09-29 16:54 - 2012-11-07 19:20 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-14 11:19 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-04 20:07 - 2012-09-04 20:07 - 00000755 ____A C:\Users\Administrator\Documents\appleuids.txt
    2012-09-04 20:07 - 2012-09-04 20:05 - 93221790 ____A C:\Users\Administrator\Downloads\Rxdzz.txt
    2012-09-04 19:30 - 2012-09-04 19:30 - 00010828 ____A C:\Users\Administrator\Documents\NFL.xlsx
    2012-08-31 10:19 - 2012-10-09 16:30 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-09 16:30 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 16:30 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 10:05 - 2012-10-09 16:30 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 16:30 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-02 04:56 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-02 04:56 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-02 04:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-02 04:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-02 04:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-02 04:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-02 04:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-02 04:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-02 04:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-02 04:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-02 04:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-02 04:57 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-02 04:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-02 04:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-02 04:56 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-02 04:56 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-02 04:57 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-02 04:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-02 04:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-02 04:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-02 04:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-02 04:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-02 04:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-02 04:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-02 04:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-02 04:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 04:13 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 04:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 12:38 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 16:31 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 16:31 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 16:31 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 16:31 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 16:31 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 16:31 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 16:31 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 16:31 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 16:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 16:30 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 16:30 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-07 19:58:18
    Restore point made on: 2012-11-08 04:52:35
    Restore point made on: 2012-11-08 05:03:34
    Restore point made on: 2012-11-08 05:04:56
    Restore point made on: 2012-11-10 12:01:04
    ==================== Memory info ===========================
    Percentage of memory in use: 10%
    Total physical RAM: 8117.84 MB
    Available physical RAM: 7250.95 MB
    Total Pagefile: 8116.04 MB
    Available Pagefile: 7247.97 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.2 GB) (Free:29.44 GB) NTFS
    2 Drive e: (WIN7SP1ULTX64) (CDROM) (Total:3.49 GB) (Free:0 GB) UDF
    3 Drive f: (4 GB) (Removable) (Total:3.72 GB) (Free:1.64 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:14.65 GB) (Free:14.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3820 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 14 GB 40 MB
    Partition 3 Primary 218 GB 14 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 14 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 218 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3816 MB 4032 KB
    ==================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F 4 GB FAT32 Removable 3816 MB Healthy
    =========================================================
    Last Boot: 2012-11-05 20:00
    ==================== End Of Log =============================
  5. No1Herd Newcomer, in training Posts: 45

    I got the wireless working again; after multiple reboots it started working again... I will try the online scan again.
  6. Broni Malware Annihilator Posts: 39,252   +175

    Good news :)
     
  7. No1Herd Newcomer, in training Posts: 45

    C:\Users\Administrator\Downloads\cnet_pdr6free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
  8. Broni Malware Annihilator Posts: 39,252   +175

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ============================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ==========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  9. No1Herd Newcomer, in training Posts: 45

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 448447 bytes
    ->Temporary Internet Files folder emptied: 225891076 bytes
    ->Java cache emptied: 1880 bytes
    ->FireFox cache emptied: 3655779 bytes
    ->Flash cache emptied: 3418 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4964 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 219.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11102012_214517
    Files\Folders moved on Reboot...
    C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2WQDD9RF\page-4[1].htm moved successfully.
    C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11ZRIR82\ads[8].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  10. No1Herd Newcomer, in training Posts: 45

    The computer seems to be running well. Thank you so much for your help. I am very impressed
  11. Broni Malware Annihilator Posts: 39,252   +175

    Yes!!
    Good luck and stay safe :)