how to clean out alureon windows 10

Machine looks good! MSE no longer reporting the presence of a virus. OTL logs below:

OTL logfile created on: 22/01/2012 21:41:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ChrisA\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.22% Memory free
3.92 Gb Paging File | 3.17 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.21 Gb Total Space | 241.14 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
Drive D: | 9.78 Gb Total Space | 4.87 Gb Free Space | 49.73% Space Free | Partition Type: NTFS

Computer Name: CHRISA-PC | User Name: ChrisA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/22 21:39:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisA\Desktop\OTL.exe
PRC - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/21 07:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:30 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/12/21 07:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/22 14:31:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/19 11:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/05/21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/09/17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/06 04:43:52 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 01 E6 12 B1 D7 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=hp"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ChrisA\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ChrisA\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/20 20:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/20 20:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChrisA\AppData\Roaming\Mozilla\Extensions
[2010/11/19 09:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChrisA\AppData\Roaming\Mozilla\Firefox\Profiles\cp3kld4d.default\extensions
[2012/01/20 20:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/20 20:25:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/21 07:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 04:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 04:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ChrisA\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D5B2573-D935-49EF-98EF-979D0B625DC5}: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/22 21:40:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\ChrisA\Desktop\OTL.exe
[2012/01/22 21:25:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/22 21:20:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/22 14:45:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/01/21 03:59:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/01/21 03:59:26 | 000,000,000 | ---D | C] -- C:\Boot
[2012/01/21 03:59:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2012/01/20 22:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/01/20 22:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/01/20 22:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/01/20 22:48:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/01/20 22:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/01/20 22:48:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/20 22:47:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/01/20 22:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/20 21:06:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/01/20 21:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/01/20 21:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/01/20 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Winter Images
[2012/01/20 20:59:30 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\WalkNI
[2012/01/20 20:59:24 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Video
[2012/01/20 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Venture Outdoors
[2012/01/20 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Tourism Ireland FAM
[2012/01/20 20:59:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Tourism Ireland Blog
[2012/01/20 20:59:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Top Task Analysis
[2012/01/20 20:59:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\TO Fam Photos
[2012/01/20 20:59:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\The Irish News
[2012/01/20 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Tag Tournament and Quiz
[2012/01/20 20:59:14 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Tag
[2012/01/20 20:59:00 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Sportive Photos
[2012/01/20 20:58:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Sportive
[2012/01/20 20:58:56 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Send to Brendan
[2012/01/20 20:58:56 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\PR Plan 2012-13
[2012/01/20 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\PR
[2012/01/20 20:58:46 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Powerpoint slides
[2012/01/20 20:58:45 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\OutdoorNI Awards
[2012/01/20 20:58:43 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\OutdoorNI
[2012/01/20 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\NITB Industry Communications
[2012/01/20 20:58:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\NC Canoe Trail
[2012/01/20 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\National Trails Day Press Release s
[2012/01/20 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\MTB Website
[2012/01/20 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\MTB Mournes
[2012/01/20 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\London
[2012/01/20 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Learning Journey Photos 2011
[2012/01/20 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Kitchen
[2012/01/20 20:58:18 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Images
[2012/01/20 20:58:17 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Holly Hunt
[2012/01/20 20:58:17 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\General
[2012/01/20 20:58:17 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Francis Bradley FAM
[2012/01/20 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Countryfile
[2012/01/20 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Competition
[2012/01/20 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Chain Reaction Photos
[2012/01/20 20:58:12 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\CD
[2012/01/20 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Castle Ward
[2012/01/20 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\CanoeNI
[2012/01/20 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Brendan Coffey
[2012/01/20 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Bouldering
[2012/01/20 20:57:56 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Belfast Telegraph
[2012/01/20 20:57:55 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\B'Bourne
[2012/01/20 20:52:29 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Artwork
[2012/01/20 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\Ad'land 2012
[2012/01/20 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\48 hours in
[2012/01/20 20:52:28 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\Desktop\+1
[2012/01/20 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\VueSoft
[2012/01/20 20:47:04 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Real
[2012/01/20 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\ElevatedDiagnostics
[2012/01/20 20:40:49 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Apple Computer
[2012/01/20 20:40:48 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Adobe
[2012/01/20 20:40:23 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Dropbox
[2012/01/20 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/01/20 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Roxio
[2012/01/20 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Real
[2012/01/20 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Intel Corporation
[2012/01/20 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Google
[2012/01/20 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\com.facebookdesktop.app
[2012/01/20 20:38:23 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Apple Computer
[2012/01/20 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/01/20 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Mozilla
[2012/01/20 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Mozilla
[2012/01/20 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Macromedia
[2012/01/20 20:34:37 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Adobe
[2012/01/20 20:33:57 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Malwarebytes
[2012/01/20 20:32:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/20 20:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/20 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/20 20:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/20 20:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/20 20:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/20 20:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/20 20:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/20 20:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/20 20:30:59 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Apple
[2012/01/20 20:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/20 20:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/20 20:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/20 20:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/20 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/01/20 20:26:16 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/01/20 20:25:58 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Dropbox
[2012/01/20 20:25:21 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\WinRAR
[2012/01/20 20:25:21 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/20 20:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/01/20 20:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/01/20 20:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/01/20 20:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/20 20:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/20 20:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/01/20 20:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/01/20 20:23:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/01/20 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/20 20:23:36 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Google
[2012/01/20 20:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/20 20:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/01/20 20:17:20 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/01/20 20:17:10 | 000,000,000 | ---D | C] -- C:\dell
[2012/01/20 20:04:41 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/20 20:04:41 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Searches
[2012/01/20 20:04:41 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/20 20:04:40 | 000,000,000 | -H-D | C] -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/20 20:04:33 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Identities
[2012/01/20 20:04:32 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Contacts
[2012/01/20 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\VirtualStore
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\AppData\Local\Temporary Internet Files
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Templates
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Start Menu
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\SendTo
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Recent
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\PrintHood
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\NetHood
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Documents\My Videos
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Documents\My Pictures
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Documents\My Music
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\My Documents
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Local Settings
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\AppData\Local\History
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Cookies
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\Application Data
[2012/01/20 20:04:21 | 000,000,000 | -HSD | C] -- C:\Users\ChrisA\AppData\Local\Application Data
[2012/01/20 20:04:20 | 000,000,000 | --SD | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Videos
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Saved Games
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Pictures
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Music
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Links
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Favorites
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Downloads
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Documents
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\Desktop
[2012/01/20 20:04:20 | 000,000,000 | R--D | C] -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/20 20:04:20 | 000,000,000 | -H-D | C] -- C:\Users\ChrisA\AppData
[2012/01/20 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Temp
[2012/01/20 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Local\Microsoft
[2012/01/20 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\ChrisA\AppData\Roaming\Media Center Programs
[2012/01/20 20:04:17 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/01/20 20:04:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/01/20 20:00:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/01/20 20:00:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/01/22 21:39:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisA\Desktop\OTL.exe
[2012/01/22 21:33:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697273298-2210447868-2631082076-1000UA.job
[2012/01/22 21:22:14 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 21:22:14 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/22 21:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/22 21:14:47 | 1578,455,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 15:56:02 | 000,001,407 | ---- | M] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/22 15:50:10 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/01/22 15:39:43 | 000,001,103 | ---- | M] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/22 15:39:41 | 000,611,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/22 15:39:41 | 000,105,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/22 14:47:06 | 000,355,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/22 14:35:16 | 000,000,512 | ---- | M] () -- C:\Users\ChrisA\Desktop\MBR.dat
[2012/01/22 14:34:15 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697273298-2210447868-2631082076-1000Core.job
[2012/01/21 03:59:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/01/21 00:00:34 | 2768,978,943 | ---- | M] () -- C:\personalbackup.pst
[2012/01/21 00:00:34 | 1296,188,416 | ---- | M] () -- C:\archivebackup.pst
[2012/01/20 22:49:41 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/01/20 22:02:42 | 000,002,279 | ---- | M] () -- C:\Users\ChrisA\Desktop\Google Chrome.lnk
[2012/01/20 21:04:41 | 000,002,000 | ---- | M] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/20 20:32:47 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/01/20 20:22:22 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/20 20:15:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/20 20:02:21 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/01/20 18:25:39 | 000,001,031 | ---- | M] () -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk
[2012/01/20 12:11:14 | 000,000,505 | ---- | M] () -- C:\Users\ChrisA\Desktop\New Public Files.lnk
[2012/01/18 14:53:55 | 000,165,792 | ---- | M] () -- C:\Users\ChrisA\Desktop\walkni - with strapline.jpg
[2012/01/18 14:45:03 | 000,053,394 | ---- | M] () -- C:\Users\ChrisA\Desktop\Ti.ashx.jpg
[2012/01/18 14:16:19 | 000,070,808 | ---- | M] () -- C:\Users\ChrisA\Desktop\05.jpg
[2012/01/18 11:01:34 | 001,041,667 | ---- | M] () -- C:\Users\ChrisA\Desktop\Omagh.jpg
[2012/01/18 11:00:40 | 000,215,895 | ---- | M] () -- C:\Users\ChrisA\Desktop\Glenelly River.jpg
[2012/01/18 10:59:36 | 000,107,444 | ---- | M] () -- C:\Users\ChrisA\Desktop\Sperrins Walking.jpg
[2012/01/18 10:58:39 | 000,140,553 | ---- | M] () -- C:\Users\ChrisA\Desktop\Folk Park.jpg
[2012/01/18 10:57:28 | 000,126,936 | ---- | M] () -- C:\Users\ChrisA\Desktop\Sperrins.jpg
[2012/01/17 17:03:48 | 000,632,924 | ---- | M] () -- C:\Users\ChrisA\Desktop\River Foyle.jpg
[2012/01/17 17:03:14 | 000,709,882 | ---- | M] () -- C:\Users\ChrisA\Desktop\Foyle.jpg
[2012/01/17 17:02:27 | 001,169,114 | ---- | M] () -- C:\Users\ChrisA\Desktop\Foyle Canoe Trail.jpg
[2012/01/17 14:51:29 | 000,166,620 | ---- | M] () -- C:\Users\ChrisA\Desktop\Shooter.pdf
[2012/01/17 14:51:01 | 000,355,030 | ---- | M] () -- C:\Users\ChrisA\Desktop\North Belfast News.pdf
[2012/01/17 12:53:00 | 000,133,777 | ---- | M] () -- C:\Users\ChrisA\Desktop\45949-Cushendall.jpg
[2012/01/17 12:27:00 | 001,876,441 | ---- | M] () -- C:\Users\ChrisA\Desktop\NI Bootcamp Abseiling.jpg
[2012/01/17 12:27:00 | 001,776,714 | ---- | M] () -- C:\Users\ChrisA\Desktop\NI Bootcamp.jpg
[2012/01/16 17:10:31 | 000,463,333 | ---- | M] () -- C:\Users\ChrisA\Desktop\Belfast Telegraph.pdf
[2012/01/09 14:20:02 | 001,454,024 | ---- | M] () -- C:\Users\ChrisA\Desktop\Paddle around Ireland.JPG
[2012/01/09 14:19:48 | 001,932,912 | ---- | M] () -- C:\Users\ChrisA\Desktop\Elaine 'Shooter' Alexander.JPG
[2012/01/09 14:19:17 | 000,782,126 | ---- | M] () -- C:\Users\ChrisA\Desktop\Shooter.jpg
[2012/01/09 14:18:52 | 002,195,614 | ---- | M] () -- C:\Users\ChrisA\Desktop\Elaine Paddle.jpg
[2012/01/09 12:11:53 | 001,327,366 | ---- | M] () -- C:\Users\ChrisA\Desktop\Tollymore Mountain Biking.jpg

========== Files Created - No Company Name ==========

[2012/01/22 15:50:10 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/21 10:19:37 | 000,000,512 | ---- | C] () -- C:\Users\ChrisA\Desktop\MBR.dat
[2012/01/21 03:59:27 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/01/21 03:59:26 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2012/01/20 23:18:01 | 000,001,103 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/01/20 20:52:28 | 001,327,366 | ---- | C] () -- C:\Users\ChrisA\Desktop\Tollymore Mountain Biking.jpg
[2012/01/20 20:52:28 | 000,782,126 | ---- | C] () -- C:\Users\ChrisA\Desktop\Shooter.jpg
[2012/01/20 20:52:28 | 000,632,924 | ---- | C] () -- C:\Users\ChrisA\Desktop\River Foyle.jpg
[2012/01/20 20:52:28 | 000,222,151 | ---- | C] () -- C:\Users\ChrisA\Desktop\Sportive Scene.jpg
[2012/01/20 20:52:28 | 000,166,620 | ---- | C] () -- C:\Users\ChrisA\Desktop\Shooter.pdf
[2012/01/20 20:52:28 | 000,165,792 | ---- | C] () -- C:\Users\ChrisA\Desktop\walkni - with strapline.jpg
[2012/01/20 20:52:28 | 000,126,936 | ---- | C] () -- C:\Users\ChrisA\Desktop\Sperrins.jpg
[2012/01/20 20:52:28 | 000,122,469 | ---- | C] () -- C:\Users\ChrisA\Desktop\SCot Widows Offset Saver account.pdf
[2012/01/20 20:52:28 | 000,107,444 | ---- | C] () -- C:\Users\ChrisA\Desktop\Sperrins Walking.jpg
[2012/01/20 20:52:28 | 000,053,394 | ---- | C] () -- C:\Users\ChrisA\Desktop\Ti.ashx.jpg
[2012/01/20 20:48:32 | 2768,978,943 | ---- | C] () -- C:\personalbackup.pst
[2012/01/20 20:48:32 | 001,776,714 | ---- | C] () -- C:\Users\ChrisA\Desktop\NI Bootcamp.jpg
[2012/01/20 20:48:32 | 001,454,024 | ---- | C] () -- C:\Users\ChrisA\Desktop\Paddle around Ireland.JPG
[2012/01/20 20:48:32 | 001,041,667 | ---- | C] () -- C:\Users\ChrisA\Desktop\Omagh.jpg
[2012/01/20 20:48:32 | 000,355,030 | ---- | C] () -- C:\Users\ChrisA\Desktop\North Belfast News.pdf
[2012/01/20 20:48:31 | 001,876,441 | ---- | C] () -- C:\Users\ChrisA\Desktop\NI Bootcamp Abseiling.jpg
[2012/01/20 20:48:31 | 000,342,743 | ---- | C] () -- C:\Users\ChrisA\Desktop\Newsletter Article.jpg
[2012/01/20 20:48:31 | 000,275,987 | ---- | C] () -- C:\Users\ChrisA\Desktop\Newsletter 2.jpg
[2012/01/20 20:48:31 | 000,002,693 | ---- | C] () -- C:\Users\ChrisA\Desktop\Microsoft Office Outlook 2003.lnk
[2012/01/20 20:48:31 | 000,002,675 | ---- | C] () -- C:\Users\ChrisA\Desktop\Microsoft Office Word 2003.lnk
[2012/01/20 20:48:31 | 000,000,505 | ---- | C] () -- C:\Users\ChrisA\Desktop\New Public Files.lnk
[2012/01/20 20:48:30 | 008,820,737 | ---- | C] () -- C:\Users\ChrisA\Desktop\JPGS.zip
[2012/01/20 20:48:30 | 002,195,614 | ---- | C] () -- C:\Users\ChrisA\Desktop\Elaine Paddle.jpg
[2012/01/20 20:48:30 | 001,932,912 | ---- | C] () -- C:\Users\ChrisA\Desktop\Elaine 'Shooter' Alexander.JPG
[2012/01/20 20:48:30 | 001,169,114 | ---- | C] () -- C:\Users\ChrisA\Desktop\Foyle Canoe Trail.jpg
[2012/01/20 20:48:30 | 000,709,882 | ---- | C] () -- C:\Users\ChrisA\Desktop\Foyle.jpg
[2012/01/20 20:48:30 | 000,215,895 | ---- | C] () -- C:\Users\ChrisA\Desktop\Glenelly River.jpg
[2012/01/20 20:48:30 | 000,140,553 | ---- | C] () -- C:\Users\ChrisA\Desktop\Folk Park.jpg
[2012/01/20 20:48:30 | 000,001,415 | ---- | C] () -- C:\Users\ChrisA\Desktop\Internet Explorer.lnk
[2012/01/20 20:48:29 | 005,381,640 | ---- | C] () -- C:\Users\ChrisA\Desktop\Cycling Weekly Feature.pdf
[2012/01/20 20:48:29 | 001,847,599 | ---- | C] () -- C:\Users\ChrisA\Desktop\download.php.air
[2012/01/20 20:48:29 | 000,463,333 | ---- | C] () -- C:\Users\ChrisA\Desktop\Belfast Telegraph.pdf
[2012/01/20 20:48:29 | 000,000,574 | ---- | C] () -- C:\Users\ChrisA\Desktop\chrisa docs on server.lnk
[2012/01/20 20:47:17 | 1296,188,416 | ---- | C] () -- C:\archivebackup.pst
[2012/01/20 20:47:17 | 000,133,777 | ---- | C] () -- C:\Users\ChrisA\Desktop\45949-Cushendall.jpg
[2012/01/20 20:47:17 | 000,070,808 | ---- | C] () -- C:\Users\ChrisA\Desktop\05.jpg
[2012/01/20 20:47:15 | 000,001,031 | ---- | C] () -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Desktop.lnk
[2012/01/20 20:47:14 | 000,002,187 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/20 20:47:14 | 000,002,000 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/20 20:40:08 | 000,001,990 | ---- | C] () -- C:\Users\ChrisA\Documents\Default.rdp
[2012/01/20 20:36:12 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/01/20 20:32:47 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/01/20 20:32:39 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/20 20:32:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/20 20:30:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/20 20:28:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/20 20:26:29 | 000,001,004 | ---- | C] () -- C:\Users\ChrisA\Desktop\Dropbox.lnk
[2012/01/20 20:26:21 | 000,000,984 | ---- | C] () -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/20 20:23:43 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697273298-2210447868-2631082076-1000UA.job
[2012/01/20 20:23:42 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-697273298-2210447868-2631082076-1000Core.job
[2012/01/20 20:23:40 | 000,002,279 | ---- | C] () -- C:\Users\ChrisA\Desktop\Google Chrome.lnk
[2012/01/20 20:22:22 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/20 20:22:22 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/20 20:21:19 | 000,001,407 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/20 20:15:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/01/20 20:04:42 | 000,001,413 | ---- | C] () -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/20 20:04:20 | 000,000,290 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/20 20:04:20 | 000,000,272 | ---- | C] () -- C:\Users\ChrisA\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/20 20:02:15 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/20 20:02:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/20 20:00:07 | 1578,455,040 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 04:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:33:53 | 000,355,704 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 02:05:48 | 000,611,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 02:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 02:05:48 | 000,105,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 02:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 02:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 02:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 23:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2012/01/20 20:40:05 | 000,000,000 | ---D | M] -- C:\Users\ChrisA\AppData\Roaming\com.facebookdesktop.app
[2012/01/22 21:16:38 | 000,000,000 | ---D | M] -- C:\Users\ChrisA\AppData\Roaming\Dropbox
[2012/01/20 20:40:08 | 000,000,000 | ---D | M] -- C:\Users\ChrisA\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/07/14 04:53:46 | 000,003,340 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/01/21 00:00:34 | 1296,188,416 | ---- | M] () -- C:\archivebackup.pst
[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/01/21 03:59:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/01/22 21:25:24 | 000,015,652 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/22 21:14:47 | 1578,455,040 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 21:14:48 | 2104,610,816 | -HS- | M] () -- C:\pagefile.sys
[2012/01/21 00:00:34 | 2768,978,943 | ---- | M] () -- C:\personalbackup.pst
[2012/01/20 21:20:47 | 000,074,310 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_20.01.2012_21.17.16_log.txt
[2012/01/20 21:50:55 | 000,076,954 | ---- | M] () -- C:\TDSSKiller.2.7.6.0_20.01.2012_21.50.34_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 04:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 04:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 04:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 04:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/14 01:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2009/07/14 01:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 04:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/22 15:56:02 | 000,000,221 | -HS- | M] () -- C:\Users\ChrisA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/22 21:39:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ChrisA\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 21:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/01/22 15:45:58 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/01/22 15:45:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/01/22 15:45:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/01/22 15:45:58 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/01/22 15:45:58 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2012/01/22 15:45:58 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/22 15:56:01 | 000,000,402 | -HS- | M] () -- C:\Users\ChrisA\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >


Source: https://www.techspot.com/community/topics/cannot-remove-trojan-dos-alureon-a.176444/

Posted by: blackstockdonser.blogspot.com
