Thread: jpg files changed on the same date and reported as unknown ADS

  1. #1
    Member
    Join Date: Feb 2007
    Posts: 40

    jpg files changed on the same date and reported as unknown ADS

    Hi All
    Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014. Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
    Thanks for any help you can give.

  2. #2
    Member of Team Spybot tashi
    Join Date: Oct 2005
    Location: USA
    Posts: 30,959

    Hello spypcsense,

    Originally Posted by spypcsense:
    Hi All
    Deep root scan showed many jpg files with names similar to this: Pictures\My Pictures\PICT0025.JPG:Q30lsldxJoudresxAaaqpcawXc:$DATA. All the files were changed around 12:30 PM on April 03, 2014.
    This information alone does not raise a flag; changes may reflect when the user accessed their files.


    Originally Posted by spypcsense:
    Did the root scan because the computer is behaving a little strangely including a message that Windows is not genuine (it is) and is unable to resolve or update. I can post the whole log if need be but it is long.
    Please list:
    Version of Spybot: http://www.safer-networking.org/shop/
    The operating system
    Other security programs installed
    Any issues with the computer's performance, please be specific.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Member
    Join Date: Feb 2007
    Posts: 40

    requested info

    Thanks for the reply Tashi.

    Version of Spybot: 2.0.12.0
    Rootkit scanner 2.0.12.116
    The operating system: Windows 7 professional 32 bit
    Other security programs installed: AVG Cloudcare, Malwarebytes
    Issues with the computer's performance: Windows is not Genuine (4 year old Lenovo laptop and this just popped up), can't troubleshoot (gets error), some updates are blocked, sometimes gets very sloooowww. I pulled the drive and deep scanned it again from this machine with similar results to the original scan.

    Thanks again

  4. #4
    Member of Team Spybot tashi
    Join Date: Oct 2005
    Location: USA
    Posts: 30,959

    Hello spypcsense,

    It might be best for someone to take a look at the system. Please see the Malware Removal Forum sticky, which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you. Also provide a link back to this thread, please.

    Best regards.

  5. #5
    Member
    Join Date: Feb 2007
    Posts: 40

    help on next step

    I would think that these steps are best accomplished with the drive back in its home computer unless you think it is better to leave it attached to this machine. Agree?


    Originally Posted by tashi:
    Hello spypcsense,

    It might be best for someone to take a look at the system. Please see the Malware Removal Forum sticky, which includes guidelines and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.

    http://forums.spybot.info/showthread.php?t=288

    Then start a new topic in that forum providing the logs so a volunteer analyst can guide you. Also provide a link back to this thread, please.

    Best regards.

  6. #6
    Member of Team Spybot tashi
    Join Date: Oct 2005
    Location: USA
    Posts: 30,959

    Originally Posted by spypcsense:
    I would think that these steps are best accomplished with the drive back in its home computer
    Yes.

  7. #7
    Member
    Join Date: Feb 2007
    Posts: 40

    Confused

    Hello Tashi - maybe I misunderstood or I'm not reading this correctly. You said to go to the Malware Removal forum, start a new thread, post the logs and link back to the original thread in the rootkit forum. I thought that is what I did so I'm not sure where I went wrong. Need some enlightenment. Which topic is open - the first one or this one and which one should I be using? Don't want to upset the apple cart but I am confused.
    Thanks for your help.
    Regards
    Last edited by tashi; 2015-01-14 at 17:38. Reason: Split off from malware forum topic and merged
