
Help with PC Issues running slow and new files appearing [Closed] [Sol


  • This topic is locked
47 replies to this topic

#1 XoXo_LuLu_XoXo

    Authentic Member
  • 35 posts

Posted 18 November 2013 - 04:57 PM

Hi, I am needing help in diagnosing what is going on with my PC. I had started getting help with my problem a few weeks ago, but due to personal issues I wasn't able to reply and the thread was closed. Since then my mother has used the PC and it seems worse. She says she hasn't downloaded or done anything, but she isn't computer smart at all, so there's no telling what she has really done, and I know she has downloaded stuff. My computer is running very slow and seems to get hot faster and a lot more than before. I have scanned with the McAfee virus scanner and it says there are no problems, but I don't think that's right. On my desktop 2 icons showed up with desktop.ini as the file name, and then when I went to My Computer I noticed that file name in many different folders and also other files I haven't seen before. I also see NTuser.dat under Users and am wondering what that is. I also think someone is hacking into my computer and/or internet; I have been receiving a notification saying another device is on the same IP address as my computer. I'm not too sure if it says that because more than 1 computer runs off the router or not, but I have gotten that notification before and there's always been more than 1 on the router. I posted the log below from OTL.exe as well. I thank you for your time and appreciate all your help and information you give me. Have a wonderful day, Thank You.

Kacy

OTL logfile created on: 11/18/2013 4:38:07 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.96% Memory free
3.42 Gb Paging File | 2.15 Gb Available in Paging File | 62.83% Paging File free
Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 81.20 Gb Free Space | 60.43% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.47 Gb Free Space | 50.98% Space Free | Partition Type: NTFS
Drive E: | 702.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LULU | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (vToolbarUpdater15.3.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe File not found
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (wanatw) --  File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfencrk) -- C:\Windows\System32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\Windows\System32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wis...&cc=US&unqvl=39
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}
IE - HKLM\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wis...&cc=US&unqvl=39
IE - HKLM\..\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{26057199-A6D3-4DEF-A597-A6006DAD24CE}: "URL" = http://search.condui...0253909309&UM=2
IE - HKCU\..\SearchScopes\{4C1EF763-FF77-4D7C-8E5D-189249B83B78}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/12 09:43:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/10/23 23:54:20 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2013/07/20 06:20:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\Quote Graphics\beautiful_disaster logo.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\Quote Graphics\beautiful_disaster logo.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/10/28 23:34:58 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2013/10/28 23:35:08 | 000,000,125 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/18 15:10:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2013/11/18 14:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/11/18 14:02:11 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\TCC FINANCIAL AID APPEAL INFO
[2013/11/18 11:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/11/14 13:17:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 13:17:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 13:17:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 13:17:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/14 13:17:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 13:16:59 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 13:16:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/14 13:16:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/13 18:19:49 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/11 11:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2013/11/11 02:37:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013/11/11 02:37:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013/10/31 05:54:51 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\NativeMessaging
[2013/10/31 05:54:50 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\TBHostSupport
[2013/10/23 23:54:03 | 000,147,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys
[2013/10/23 23:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2013/10/23 23:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/10/23 23:30:37 | 000,172,416 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2013/10/23 23:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/10/23 01:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/23 01:32:20 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/23 01:32:12 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/23 01:32:11 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/23 01:32:11 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/23 01:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/22 21:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/22 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Conduit
[2013/10/22 21:49:45 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\CRE
[2013/10/22 21:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/10/22 21:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\WebSearch
[2013/10/22 21:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DowNNloaoD kkeeper
[2013/10/21 02:19:19 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\{FFB9A493-1644-4D27-94E4-B29E41EC53A8}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/18 16:15:30 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/18 15:56:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/18 15:20:57 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 15:20:57 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 15:10:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
[2013/11/18 13:24:30 | 000,056,736 | ---- | M] () -- C:\Users\Rose\Desktop\how-to-know-if-someone-loves-you-test.jpg
[2013/11/18 11:56:34 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/18 11:36:09 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2013/11/18 11:28:12 | 000,640,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/18 11:28:12 | 000,118,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/18 11:20:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 19:21:20 | 000,003,584 | ---- | M] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/17 12:10:09 | 000,059,696 | ---- | M] () -- C:\Users\Rose\Desktop\Perks of a wild Flower.jpg
[2013/11/17 11:55:07 | 000,047,069 | ---- | M] () -- C:\Users\Rose\Desktop\If I Ever....jpg
[2013/11/17 11:29:57 | 000,016,851 | ---- | M] () -- C:\Users\Rose\Desktop\poem.jpg
[2013/11/11 10:21:46 | 000,009,878 | ---- | M] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/10/28 09:01:21 | 000,000,000 | -H-- | M] () -- C:\Users\Rose\Documents\Default.rdp
[2013/10/22 21:53:12 | 000,000,009 | ---- | M] () -- C:\END
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/18 13:24:28 | 000,056,736 | ---- | C] () -- C:\Users\Rose\Desktop\how-to-know-if-someone-loves-you-test.jpg
[2013/11/17 12:10:08 | 000,059,696 | ---- | C] () -- C:\Users\Rose\Desktop\Perks of a wild Flower.jpg
[2013/11/17 11:55:06 | 000,047,069 | ---- | C] () -- C:\Users\Rose\Desktop\If I Ever....jpg
[2013/11/17 11:29:49 | 000,016,851 | ---- | C] () -- C:\Users\Rose\Desktop\poem.jpg
[2013/11/13 18:19:49 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/10/28 09:01:21 | 000,000,000 | -H-- | C] () -- C:\Users\Rose\Documents\Default.rdp
[2013/10/23 23:54:55 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2013/10/23 23:54:05 | 000,002,641 | ---- | C] () -- C:\Windows\System32\drivers\mfencrk.inf
[2013/10/23 23:54:02 | 000,002,951 | ---- | C] () -- C:\Windows\System32\drivers\mfencbdc.inf
[2013/10/22 21:49:00 | 000,000,009 | ---- | C] () -- C:\END
[2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
[2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
[2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
[2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/07/14 03:09:51 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\AquaSoft
[2013/07/12 18:28:25 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Baidu
[2013/07/12 18:28:40 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Baidu Security
[2012/11/30 00:53:50 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Canon
[2013/06/22 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\DownLite
[2013/02/09 02:44:36 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\GoforFiles
[2013/02/09 09:39:48 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\iPumper
[2013/09/22 22:31:52 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\iWin
[2013/04/28 00:50:21 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Leadertech
[2013/08/24 01:00:27 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Oracle
[2012/12/03 19:21:12 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\PCDr
[2013/06/14 22:02:42 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\PeerNetworking
[2013/03/17 23:55:29 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\QuickScan
[2013/08/10 03:58:05 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\SmartDraw
[2009/12/28 11:34:21 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Template
[2013/06/29 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\Windows Live Writer
[2013/02/11 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Rose\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/11 13:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/11 13:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/11 13:16:16 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 13:16:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 20:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 06:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 06:38:53 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
 
< MD5 for: EXPLORER.ZIP  >
[2009/06/03 20:15:06 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip
 
< MD5 for: IEXPLORE.EXE  >
[2009/10/27 07:11:33 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=03EF289E8F82CBC4E492658864C7C51A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22550_none_2fb594d03344a0e4\iexplore.exe
[2013/10/13 04:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=06085B62BC7E0C8E2605CEA38774D956 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/10/13 04:49:16 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=06085B62BC7E0C8E2605CEA38774D956 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16520_none_58a898e5ebaaf1b6\iexplore.exe
[2009/04/11 13:10:03 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2012/11/13 20:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16457_none_588f2941ebbcf9c3\iexplore.exe
[2013/07/31 04:18:24 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=10C1F2EC48D524AE10229AACD37B172A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20617_none_594407a304ba26f0\iexplore.exe
[2013/07/24 20:48:45 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=139C8953AC56A9E559C7DEF07BC45ED7 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20613_none_5940067b04bdc194\iexplore.exe
[2009/11/21 00:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/07/18 06:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 15:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/09/02 20:36:46 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/09/02 20:39:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2012/08/24 01:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16450_none_5888273bebc34862\iexplore.exe
[2010/02/23 09:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/15 02:57:00 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=26B900640CE979A708FD3793FA8A6C50 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23359_none_12a791524909f5e4\iexplore.exe
[2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16455_none_588d28adebbec715\iexplore.exe
[2009/04/11 00:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2013/10/13 03:43:05 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=2D64E29ADB5DEB40446796A9C42417E3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20631_none_5928660f04cfc6c8\iexplore.exe
[2013/02/21 22:10:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16476_none_5878891febce184e\iexplore.exe
[2013/05/28 21:32:47 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=33E62E4EFC2ACA8EC63A8926F26D3889 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20606_none_594dd74504b2f1a8\iexplore.exe
[2012/08/07 00:15:01 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe
[2010/01/02 08:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2013/04/04 16:47:49 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16483_none_586ab855ebd8e83a\iexplore.exe
[2013/02/21 22:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20586_none_58f755ff04f3d409\iexplore.exe
[2013/09/22 04:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16514_none_58b769f9eb9f3b21\iexplore.exe
[2010/05/04 00:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 00:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2009/10/27 09:11:10 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=4F9B04D546C23A295F3F0AE015BE51DB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\iexplore.exe
[2013/07/24 20:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\erdnt\cache\iexplore.exe
[2013/07/24 20:42:37 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2008/01/20 20:33:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 00:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2012/08/24 01:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20557_none_5918c60d04da998d\iexplore.exe
[2013/05/16 17:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=67EE46FD4D3B56531C5DD1BDC149275A -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16490_none_585ce78bebe3b826\iexplore.exe
[2013/01/08 16:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16464_none_58815877ebc7c9af\iexplore.exe
[2010/06/26 00:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2009/04/19 22:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\uninstall.exe\iexplore.exe
[2010/12/18 01:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2009/10/27 07:24:29 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=79B60CC26404F8FC2B351A7551D93C17 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18349_none_2f3fc8a51a16cc11\iexplore.exe
[2009/07/18 06:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2009/10/27 07:22:34 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=80675329E0FD54F016C4F8A83C616349 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21148_none_2de1fea2360ef4d5\iexplore.exe
[2010/01/02 00:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/09/02 20:36:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2012/06/28 19:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2012/05/15 00:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=9AC31470779A703021C337FD83D683EE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19272_none_120152a93002dc9b\iexplore.exe
[2009/08/27 08:04:53 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=9E45866CD349219784CD5A7620DBEB8A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\iexplore.exe
[2009/09/02 20:36:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2010/02/23 00:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2013/02/01 22:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20580_none_58f1544304f93bff\iexplore.exe
[2009/08/27 07:43:41 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=A76AFC309AA55CD607A28AC41C7D7603 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21116_none_2e006dd235f86e54\iexplore.exe
[2013/05/16 16:27:11 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=A8732CEDB2C0EE7AFC08F867A47BB3EC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20600_none_5947d58904b8599e\iexplore.exe
[2013/07/31 04:39:59 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=AA9CBDCD4675A48755DDA3A73BE3E283 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16506_none_58c43a79eb9551de\iexplore.exe
[2005/08/15 11:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\uninstall.exe\en-US\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 15:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 00:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2009/08/27 07:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=BBF84F317553520BB78AEF7B047325C1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18319_none_2f60386919fe783e\iexplore.exe
[2013/04/04 15:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20593_none_58e9853504fea3f5\iexplore.exe
[2012/10/08 02:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20562_none_5908f4af04e736cb\iexplore.exe
[2009/09/02 20:39:08 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 00:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/09/02 20:39:00 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2013/02/01 22:19:04 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16470_none_58728763ebd38044\iexplore.exe
[2009/11/21 09:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/09/02 20:36:46 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2012/06/28 17:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2009/07/18 05:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/08/24 00:30:10 | 000,002,015 | ---- | M] () -- C:\DelFix.txt
[2009/09/02 20:43:15 | 000,002,609 | RH-- | M] () -- C:\dell.sdr
[2013/10/22 21:53:12 | 000,000,009 | ---- | M] () -- C:\END
[2013/10/23 01:11:46 | 000,001,959 | ---- | M] () -- C:\logFileUI.txt
[2013/11/18 11:20:43 | 1604,321,280 | -HS- | M] () -- C:\pagefile.sys
[2013/08/10 07:24:53 | 000,000,048 | ---- | M] () -- C:\user_defpage_list
 
< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/02/07 09:49:05 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 03:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD78.DLL
[2011/05/23 05:00:00 | 000,029,184 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPDAR.DLL
[2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP78.DLL
[2011/05/23 05:00:00 | 000,083,968 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPPAR.DLL
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/20 20:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 21:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/07/13 03:45:13 | 000,000,832 | -HS- | M] () -- C:\Users\Rose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/11/18 15:10:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-11-16 21:21:55
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:517DBC32
 
< End of report >
 


#2 fbfbfb
SuperMember, Malware Team, 1,102 posts

Posted 20 November 2013 - 03:45 PM

Hello, XoXo_LuLu_XoXo.  Welcome to WTT Forums

My name is fbfbfb

I was previously helping you before closing your topic.  I will gladly continue to assist you with your malware concerns.  Malware logs may require some time to analyze, and because there is no quick-fix solution, we may need to use various approaches to clean your system.  Please be patient.

To avoid potential problems and setbacks:

  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Do not install or uninstall any applications while your system is being cleaned.
  • Use only the tools recommended, and run only the scans requested.
  • Copy and Paste the log files inside your posts. Send attachments only if requested.
  • Stay with this thread until I have determined that your machine is clean and safe. Absence of symptoms does not mean your system is clear.

Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

Please run the following scans:

1.  aswMBR

Please download aswMBR from HERE.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click save log, save it to your desktop, and post in your next reply.


2. Rogue Killer

Please download Rogue Killer from HERE.

  • Quit all running programs before continuing.
  • Double-click roguekiller.exe to run it.
  • Wait for the Prescan to finish.
  • Click Scan and wait for the scan to complete.
  • A report will be created and saved on your desktop.
  • Exit the program.

Copy and paste the RKreport.txt report into your next reply.

 

3. Security Check

Please download Security Check from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.  This may take a few minutes.

Please copy and paste the contents of that document into your next reply.

#3 XoXo_LuLu_XoXo
Authentic Member, 35 posts

Posted 21 November 2013 - 08:00 PM

For the 1st download, aswMBR, there is no link to download the program. Here are the other logs requested, though.

 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rose [Admin rights]
Mode : Scan -- Date : 11/21/2013 19:48:00
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll [7] -> rundll32.exe KILLED [TermProc]
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TBHostSupport ("C:\Windows\system32\Rundll32.exe" "C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [7][7][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3876892959-2368528674-3984381725-1000\[...]\Run : TBHostSupport ("C:\Windows\system32\Rundll32.exe" "C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin [7][7][x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600BEVT-75ZCT2 ATA Device +++++
--- User ---
[MBR] e03f02ad666ae5de965b1802c8d25c41
[BSP] 7c95c7f76d35700eae1d9f386c61ca8c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 137587 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11212013_194800.txt >>
 
 

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0 % 
````````````````````End of Log`````````````````````` 
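The [RUN][SUSP PATH] lines in the RogueKiller report above flag a Run value that launches Rundll32.exe with a DLL stored under the user's AppData\Local folder, which is the entry the OTL fix later in this thread removes. The Python below is an added example, not part of the thread or of RogueKiller itself, that parses such [RUN] report lines and applies the same kind of location-based heuristic; the report text and the clean ExampleTray entry are constructed sample input.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in the RogueKiller report format quoted above: the two
# TBHostSupport lines from the thread plus a constructed, clean "ExampleTray" entry
# (RogueKiller would not normally print one) so the heuristic has a negative case.
SAMPLE_REPORT = (
    '[RUN][SUSP PATH] HKCU\\[...]\\Run : TBHostSupport ("C:\\Windows\\system32\\Rundll32.exe" '
    '"C:\\Users\\Rose\\AppData\\Local\\TBHostSupport\\TBHostSupport.dll",DLLRunTBHostSupportPlugin '
    '[7][7][x]) -> FOUND\n'
    '[RUN][SUSP PATH] HKUS\\S-1-5-21-3876892959-2368528674-3984381725-1000\\[...]\\Run : '
    'TBHostSupport ("C:\\Windows\\system32\\Rundll32.exe" '
    '"C:\\Users\\Rose\\AppData\\Local\\TBHostSupport\\TBHostSupport.dll",DLLRunTBHostSupportPlugin '
    '[7][7][x]) -> FOUND\n'
    '[RUN] HKLM\\[...]\\Run : ExampleTray ("C:\\Program Files\\ExampleVendor\\tray.exe" /minimized [7]) -> FOUND\n'
    '[HJ POL][PUM] HKLM\\[...]\\System : DisableTaskMgr (0) -> FOUND\n'
)

# A [RUN] line: optional extra tags, hive, "\[...]\Run : Name (command) -> STATUS"
RUN_LINE = re.compile(
    r'^\[RUN\](?:\[[^\]]*\])*\s+(?P<hive>\S+?)\\\[\.\.\.\]\\Run : '
    r'(?P<name>\S+) \((?P<cmd>.*)\) -> (?P<status>\w+)$'
)

# Folders an unprivileged user (or malware running as that user) can write to; matched lowercased.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\users\\public\\', '\\temp\\')


@dataclass
class Finding:
    hive: str
    name: str
    exe: str
    payload: str
    reason: str


def strip_flags(cmd: str) -> str:
    """Drop RogueKiller's trailing [7][7][x]-style markers from a command string."""
    return re.sub(r'(\s*\[[0-9x]\])+\s*$', '', cmd).strip()


def split_command(cmd: str):
    """Return (executable, remaining arguments) for a quoted or bare command line."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def rundll32_target(args: str) -> Optional[str]:
    """The DLL rundll32.exe is told to load: its first argument, minus ',EntryPoint'."""
    args = args.strip()
    if not args:
        return None
    if args.startswith('"'):
        end = args.find('"', 1)
        return args[1:end] if end > 0 else None
    return re.split(r'[,\s]', args, maxsplit=1)[0]


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def classify_run_entry(hive: str, name: str, cmd: str) -> Optional[Finding]:
    """Apply the location heuristic to one Run value; None means nothing is flagged."""
    exe, args = split_command(strip_flags(cmd))
    exe_base = exe.lower().rsplit('\\', 1)[-1]
    if exe_base == 'rundll32.exe':
        # The payload is the DLL, not the legitimate signed host process.
        dll = rundll32_target(args)
        if dll and in_user_writable(dll):
            return Finding(hive, name, exe, dll,
                           'rundll32.exe loads a DLL from a user-writable folder')
        return None
    if in_user_writable(exe):
        return Finding(hive, name, exe, exe,
                       'autorun executable lives in a user-writable folder')
    return None


def classify_report(text: str) -> List[Finding]:
    """Parse every [RUN] line of a RogueKiller report and return the flagged entries."""
    findings = []
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m is None:
            continue
        finding = classify_run_entry(m['hive'], m['name'], m['cmd'])
        if finding is not None:
            findings.append(finding)
    return findings
```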
 


#4 fbfbfb
SuperMember, Malware Team, 1,102 posts

Posted 23 November 2013 - 01:44 PM

Hello XoXo_LuLu_XoXo.

Thank you for the Rogue Killer report, and sorry that the link for aswMBR did not work.  Please try again and follow the instructions as per my previous reply.  Click this LINK to download aswMBR.

Regarding another device with the same IP address:

Please let me know exactly what error message you are receiving.

It is unlikely that your computer is being hacked.  This conflict is usually caused by the router.  It means that another device on the same network is using the same IP address (another computer, game console, phone, tablet . . .).  To remedy the situation try this:

  • Turn everything off.
  • Then, turn the router on first and wait for it to boot.
  • Next, turn on each device one by one.  Wait for each device to complete booting before turning on the next one.  In this way, the router will assign a new IP address to each device.
  • If you have any wireless devices such as tablets or wireless phone connections, include those as well.

In your next reply, please let me know if this has resolved the issue, or we will try another option.

Please run the following OTL fix:

Run OTL.exe

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.
:OTL
SRV - (vToolbarUpdater15.3.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe File not found
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe File not found
DRV - (wanatw) --  File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}
IE - HKLM\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wis...&cc=US&unqvl=39
IE - HKLM\..\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{26057199-A6D3-4DEF-A597-A6006DAD24CE}: "URL" = http://search.condui...0253909309&UM=2
IE - HKCU\..\SearchScopes\{4C1EF763-FF77-4D7C-8E5D-189249B83B78}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll File not found
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
[2013/10/31 05:54:50 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\TBHostSupport
[2013/10/22 21:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/22 21:51:55 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Conduit
[2013/10/22 21:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/13 18:19:49 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF

:Commands
[emptytemp]

  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.

#5 XoXo_LuLu_XoXo
Authentic Member, 35 posts

Posted 24 November 2013 - 06:43 AM

Here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-23 14:51:05
-----------------------------
14:51:05.952    OS Version: Windows 6.0.6002 Service Pack 2
14:51:05.952    Number of processors: 1 586 0x1601
14:51:05.952    ComputerName: LULU  UserName: Rose
14:51:06.903    Initialize success
14:54:43.619    AVAST engine defs: 13112200
14:55:06.519    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:55:06.519    Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
14:55:06.660    Disk 0 MBR read successfully
14:55:06.660    Disk 0 MBR scan
14:55:06.707    Disk 0 Windows VISTA default MBR code
14:55:06.707    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
14:55:06.722    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 80325
14:55:06.753    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       137587 MB offset 30800325
14:55:06.769    Disk 0 scanning sectors +312579760
14:55:06.847    Disk 0 scanning C:\Windows\system32\drivers
14:55:20.357    Service scanning
14:55:51.822    Modules scanning
14:56:05.597    Disk 0 trace - called modules:
14:56:06.158    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys ndis.sys athr.sys dxgkrnl.sys igdkmd32.sys 
14:56:06.158    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86347968]
14:56:06.174    3 CLASSPNP.SYS[893a48b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85453b98]
14:56:07.125    AVAST engine scan C:\Windows
14:56:09.387    AVAST engine scan C:\Windows\system32
14:59:25.557    AVAST engine scan C:\Windows\system32\drivers
14:59:44.605    AVAST engine scan C:\Users\Rose
15:02:41.587    AVAST engine scan C:\ProgramData
15:06:30.813    Scan finished successfully
15:10:51.084    Disk 0 MBR has been saved successfully to "C:\Users\Rose\Desktop\MBR.dat"
15:10:51.099    The log file has been saved successfully to "C:\Users\Rose\Desktop\aswMBR log.txt"
 
 
 
All processes killed
========== OTL ==========
Service vToolbarUpdater15.3.0 stopped successfully!
Service vToolbarUpdater15.3.0 deleted successfully!
File  C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe File not found not found.
Service DockLoginService stopped successfully!
Service DockLoginService deleted successfully!
File  C:\Program Files\Dell\DellDock\DockLogin.exe File not found not found.
Service wanatw stopped successfully!
Service wanatw deleted successfully!
File   File not found not found.
Service USBAAPL stopped successfully!
Service USBAAPL deleted successfully!
File  System32\Drivers\usbaapl.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File   File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File   File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File   File not found not found.
Service easytether stopped successfully!
Service easytether deleted successfully!
File  system32\DRIVERS\easytthr.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
File move failed. C:\Windows\System32\ieframe.dll scheduled to be moved on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26057199-A6D3-4DEF-A597-A6006DAD24CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26057199-A6D3-4DEF-A597-A6006DAD24CE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4C1EF763-FF77-4D7C-8E5D-189249B83B78}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C1EF763-FF77-4D7C-8E5D-189249B83B78}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4AF7745-34C4-4921-8F7A-81A3C9D8B0EB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport deleted successfully.
C:\Users\Rose\AppData\Local\TBHostSupport\TBHostSupport.dll moved successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
File Protocol\Handler\linkscanner - No CLSID value found not found.
C:\Users\Rose\AppData\Local\TBHostSupport folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\Rose\AppData\Local\Conduit folder moved successfully.
C:\Program Files\Conduit\CT3315446\plugins folder moved successfully.
C:\Program Files\Conduit\CT3315446 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
File move failed. C:\Windows\System32\WFP.TMF scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 139440973 bytes
->Temporary Internet Files folder emptied: 126811334 bytes
->Java cache emptied: 425704 bytes
->Google Chrome cache emptied: 102729655 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2747177 bytes
%systemroot%\System32 .tmp files removed: 512 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 628926926 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 132340837 bytes
 
Total Files Cleaned = 1,081.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11232013_151334
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\ieframe.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\WFP.TMF scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 


#6 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 25 November 2013 - 05:12 PM

Hello, XoXo_LuLu_XoXo. Thank you for your reports.

Please run the following scans:

1.  OTL

Run OTL.exe

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.

:OTL
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:517DBC32

:Commands
[emptytemp]

  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.

2.  Junkware Removal Tool

Please download Junkware Removal Tool from HERE and save it to your desktop.

  • Shut down your antivirus to avoid any potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.

Post the contents of JRT.txt into your next reply.

3.  AdwCleaner

Please download AdwCleaner from HERE.

  • Double click on adwcleaner.exe. Note: Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin... be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button... a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.



#7 XoXo_LuLu_XoXo (Authentic Member, 35 posts)

Posted 26 November 2013 - 11:15 PM

OTL:

 

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:2CB9631F deleted successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
ADS C:\ProgramData\Temp:517DBC32 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 42213 bytes
->Temporary Internet Files folder emptied: 554628 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 225063218 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531788 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1050512 bytes
 
Total Files Cleaned = 217.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11262013_180104
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000001962E8A4463BFB560A not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
Junk Remover:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by Rose on Tue 11/26/2013 at 22:26:17.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3315446
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\Tasks\goforfilesupdate
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Rose\AppData\LocalLow\FCTB000100565
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\Users\Rose\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Rose\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\Rose\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Rose\appdata\local\big fish"
Successfully deleted: [Folder] "C:\Users\Rose\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Rose\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Users\Rose\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\websearch"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{2EDE542A-D689-48C8-9FA0-7B84AB4AF68F}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{48DAF17A-1F57-4F0D-AE17-5D3E964E4228}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{69CB0F53-68A1-4602-992A-C5551C68C135}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{7571AC6F-12CF-4BFC-A7F5-6BA1AB0D6A5F}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{78095194-C4CB-4E11-A49A-BBBABEC0FBE6}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{7C490FE4-85A3-4407-B4C8-A4A151D0CD6E}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{A133B38B-07CA-450B-8A62-9E3C541EDB24}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{A91997CF-D475-4B45-8390-A57E1FF21D41}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{DA4C87D3-CC3A-4E92-B7B1-74719C479999}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{EB461E1B-B31A-41B8-AF8F-DE14C2EBBB71}
Successfully deleted: [Empty Folder] C:\Users\Rose\appdata\local\{FFB9A493-1644-4D27-94E4-B29E41EC53A8}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/26/2013 at 22:32:35.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner:
 
# AdwCleaner v3.013 - Report created 26/11/2013 at 22:34:42
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Uninstall.exe
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\Escolade
File Found : C:\Windows\System32\Tasks\YourFile Update
Folder Found C:\ProgramData\DowNNloaoD kkeeper
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Escolade
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\GoforFilesUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\YourFile Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Uniblue
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3019 octets] - [26/11/2013 22:34:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3079 octets] ##########
 


#8 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 27 November 2013 - 09:55 AM

Hello, XoXo_LuLu_XoXo.

Thank you for your reports. We've eliminated many offending files thus far.

Please run the following scans:

1.  AdwCleaner

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.  DDS

Please download DDS from HERE. Click Save File. The file will save to your default location.

  • Disable any script blocking protection. (How to Temporarily Disable Security Programs: Anti-virus/Anti-spyware/Firewall)
  • Double click dds.com > Click Run.
  • At the next prompt, ensure check marks appear next to dds.com and attach.txt > Click Start to begin the scan. When done, click OK to close the DDS window.
  • Two reports will automatically open: dds.txt and Attach.txt. These reports are also saved to your desktop.

Please copy and paste the scan results of DDS.txt.

Please attach the second file: Attach.txt.

To attach a file, do the following:

  • Under the reply panel is the Attachments Panel.
  • Browse for the attachment file you want to upload, then click the green Upload button.
  • Once it has uploaded, click the Manage Current Attachments drop down box.
  • Click on attach_add.png to insert the attachment into your post.

CHECKLIST: In your next reply, please post the following:

  • AdwCleaner[S0].txt
  • dds.txt
  • attach.txt
  • Let me know how your computer is running now, and what issues you are still experiencing.


 

 



#9 XoXo_LuLu_XoXo (Authentic Member, 35 posts)

Posted 30 November 2013 - 05:43 PM

# AdwCleaner v3.013 - Report created 27/11/2013 at 13:20:45
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\DowNNloaoD kkeeper
File Deleted : C:\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Escolade
File Deleted : C:\Windows\System32\Tasks\YourFile Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420984CA-358C-4253-BA24-17C9D85EBCDC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3159 octets] - [26/11/2013 22:34:42]
AdwCleaner[R1].txt - [3219 octets] - [27/11/2013 13:06:43]
AdwCleaner[S0].txt - [3316 octets] - [27/11/2013 13:20:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3376 octets] ##########
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Rose at 17:38:22 on 2013-11-30
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2038.926 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://websearch.wisesearch.info/?pid=1273&r=2013/10/23&hid=8117017758201206986&lg=EN&cc=US&unqvl=39
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 571608]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-6-30 21576]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 37664]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-24 213200]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-10-23 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-10-23 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-10-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-10-23 172416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-9-24 60920]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-24 235488]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-24 365256]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\cloud security\BAVSvc.exe [2013-6-17 1733992]
S3 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2013-2-9 517192]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-7-5 19456]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-10-23 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-24 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-11-30 03:02:19 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{354ef3d9-02d9-4673-9d28-d08a83f9ed3b}\offreg.dll
2013-11-29 23:19:19 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{354ef3d9-02d9-4673-9d28-d08a83f9ed3b}\mpengine.dll
2013-11-27 04:34:38 -------- d-----w- C:\AdwCleaner
2013-11-23 21:13:34 -------- d-----w- C:\_OTL
2013-11-18 20:14:07 -------- d-----w- c:\program files\My Dell
2013-11-14 19:17:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 19:17:02 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-14 19:17:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 19:17:02 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-11-14 19:17:01 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-11-14 19:17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 19:17:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-11-14 19:17:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 19:16:59 757488 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-11-14 19:16:59 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 19:16:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-11-14 19:16:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-11-14 19:16:58 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-11-14 19:16:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 00:20:14 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 00:20:07 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 00:19:50 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 00:19:49 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-11 17:05:00 -------- d-----w- c:\programdata\PCDr
2013-11-11 08:37:18 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-11-11 08:37:18 -------- d--h--w- c:\programdata\CanonEPP
.
==================== Find3M  ====================
.
2013-11-11 11:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-08 22:15:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 22:15:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-08 12:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-25 01:53:24 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-09-25 01:49:20 213200 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-09-25 01:49:04 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-09-25 01:45:46 571608 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-09-25 01:44:30 365256 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-09-25 01:44:00 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-09-25 01:43:30 235488 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-09-25 01:42:44 133928 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-09-23 18:48:38 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-20 14:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 14:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 14:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 17:39:13.30 ===============
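The "Created Last 30" and "Find3M" listings above are the part of the log a helper reads first: which files appeared when, and whether they arrived together with a patch batch or on their own. The Python below is an added triage example written for this page; it is not code from OTL, DDS, or the forum's Malware Team. It parses lines in the listing's format (date, time, size or dashes for a directory, an eight-character attribute field, path), groups entries by creation minute, and flags hidden directories and executables in user-writable locations. The input is a sample constructed from a few lines of the log above plus one made-up entry (`c:\users\public\example_dropped.exe`) so the executable rule has something to hit; that path, the prefix lists and the rule names are assumptions for the example, not findings about this machine. A hidden Canon folder under ProgramData is ordinary printer-driver behaviour; the flag means "look", not "malware".

```python
import re
from collections import defaultdict

# Constructed sample: lines copied in shape from the "Created Last 30"
# listing above, plus one made-up entry (example_dropped.exe) so the
# executable-in-user-writable-location rule fires. That path is an
# assumption for the example, not a finding about the machine in the thread.
SAMPLE_LISTING = r"""
2013-11-30 03:02:19 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{354ef3d9-02d9-4673-9d28-d08a83f9ed3b}\offreg.dll
2013-11-27 04:34:38 -------- d-----w- C:\AdwCleaner
2013-11-20 12:01:44 153600 ----a-w- c:\users\public\example_dropped.exe
2013-11-14 19:17:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 19:17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 19:17:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-11 08:37:18 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-11-11 08:37:18 -------- d--h--w- c:\programdata\CanonEPP
"""

# date time size-or-dashes attrs path   (attrs: 'd' = directory, 'h' = hidden)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z?]{8})\s+(?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
# Assumed rule lists: locations a standard user can write to, which is where
# adware installers and dropped binaries usually land.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
# Expected churn that would otherwise trip the rules every day.
EXPECTED_PREFIXES = ("c:\\programdata\\microsoft\\windows defender\\",)


def parse_listing(text):
    """Return one dict per parsable line; unrelated lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append({
            "when": f"{m.group('date')} {m.group('time')}",
            "size": int(m.group("size")) if m.group("size").isdigit() else None,
            "is_dir": "d" in attrs,
            "hidden": "h" in attrs,
            "path": m.group("path"),
        })
    return entries


def batches(entries):
    """Group entries by creation minute. A patch or installer writes many
    files within seconds; a single executable with no companions is the
    case worth opening."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["when"][:16]].append(e)  # 'YYYY-MM-DD HH:MM'
    return dict(groups)


def lone_executables(entries):
    """Executables that were the only file created in their minute."""
    out = []
    for grp in batches(entries).values():
        e = grp[0]
        p = e["path"].lower()
        if (len(grp) == 1 and not e["is_dir"] and p.endswith(EXEC_EXT)
                and not p.startswith(EXPECTED_PREFIXES)):
            out.append(e["path"])
    return out


def flag(entries):
    """Entries a helper would look at first, with the reason for each."""
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if p.startswith(EXPECTED_PREFIXES):
            continue
        reasons = []
        if e["is_dir"] and e["hidden"]:
            reasons.append("hidden directory")  # normal for some vendors; still worth a look
        if not e["is_dir"] and p.endswith(EXEC_EXT) and p.startswith(USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    ents = parse_listing(SAMPLE_LISTING)
    for path, why in flag(ents):
        print(f"{path}: {', '.join(why)}")
    print("lone executables:", lone_executables(ents))
```

Run it against a full listing pasted from a log and the three Internet Explorer patch files above collapse into one 19:17 batch, while anything that appeared alone in a user-writable folder is listed by itself.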
 
 
 
 
 
 


#10 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 01 December 2013 - 06:01 PM

Hello, XoXo_LuLu_XoXo.

Thank you for your reports.  You forgot to let me know how your computer is running now, and what other issues, if any, you are experiencing.  Please let me know in your next reply.  This information will help me to move you toward the next steps.

Please run the following scans

1.  OTL fix

Run OTL.exe

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.

:OTL
mStart Page = hxxp://websearch.wisesearch.info/?pid=1273&r=2013/10/23hid=8117017758201206986&lg=EN&cc=US&unqvl=39
:Commands
[emptytemp]

  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.

Post the new log in your next reply.

 

2.  Malwarebytes Anti-Malware

Please download Malwarebytes from Here or Here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

Note:  If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please.

#11 XoXo_LuLu_XoXo (Authentic Member, 35 posts)

Posted 02 December 2013 - 02:02 AM

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 1539687 bytes
->Temporary Internet Files folder emptied: 579960 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 164793855 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 537282 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1053510 bytes
 
Total Files Cleaned = 161.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12022013_014710
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\MpCmdRun-81-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found!
File\Folder C:\Windows\temp\MpCmdRun-81-53C9D589-6B66-4F30-9BAB-9A0193B0BAFC.lock not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.02.04
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rose :: LULU [administrator]
 
12/2/2013 1:27:50 AM
mbam-log-2013-12-02 (01-27-50).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200997
Time elapsed: 15 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.wis...&cc=US&unqvl=39) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
My computer seems to be running a little faster but still lags at times. I haven't noticed any new problems or files appearing.


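The Malwarebytes log in the post above has a regular shape: a "Section Detected: N" header, then one line per detection in the form "target (threat) -> action", with registry data items carrying a "Bad: (...) Good: (...)" pair before the action. The Python below is an added example for this page, not Malwarebytes code and not something the forum helper posted. It parses that shape, compares each section's declared count against the lines actually parsed (a truncated paste shows up as a mismatch), tallies threat families, lists the registry values the scanner rewrote so they can be re-checked after reboot, and reports any detection whose action is not a "successfully" result, which is the delete-on-reboot case the helper's note warns about. The sample log is constructed from the two real detections in the post (the Bad: URL is kept exactly as the forum truncated it) plus one made-up file detection with a "Delete on reboot." action; that file path and its threat name are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Malwarebytes 1.75 log above. The two
# registry detections are copied from the post (the Bad: URL kept exactly as
# the forum truncated it); the Files entry and its threat name are made up for
# the example so that the delete-on-reboot path has something to report.
SAMPLE_MBAM_LOG = r"""
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.02.04

Scan type: Quick scan
Objects scanned: 200997

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.wis...&cc=US&unqvl=39) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Files Detected: 1
C:\Users\Public\example_leftover.exe (PUP.Optional.Example) -> Delete on reboot.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (detections, declared_counts). Each detection is a dict with
    section, target, threat, action and, for registry data items, bad/good."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("section")
            declared[section] = int(sm.group("count"))
            continue
        # Banner lines before the first section, "(No malicious items detected)", "(end)".
        if section is None or line.startswith("("):
            continue
        dm = DETECTION_RE.match(line)
        if not dm:
            continue
        d = {"section": section, "target": dm.group("target"),
             "threat": dm.group("threat"), "bad": None, "good": None}
        xm = DATA_RE.match(dm.group("rest"))
        if xm:
            d.update(bad=xm.group("bad"), good=xm.group("good"), action=xm.group("action"))
        else:
            d["action"] = dm.group("rest")
        detections.append(d)
    return detections, declared


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines parsed. A truncated
    paste, or a line format the parser does not know, shows up here."""
    seen = defaultdict(int)
    for d in detections:
        seen[d["section"]] += 1
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


def pending_reboot(detections):
    """Detections MBAM could not finish in place (anything not '... successfully')."""
    return [d for d in detections if not d["action"].rstrip(".").endswith("successfully")]


def threat_families(detections):
    fams = defaultdict(int)
    for d in detections:
        fams[d["threat"]] += 1
    return dict(fams)


def repaired_values(detections):
    """(target, bad, good) for registry data the scanner rewrote, so the value
    can be re-checked after reboot rather than trusted from the log."""
    return [(d["target"], d["bad"], d["good"]) for d in detections if d["bad"] is not None]


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_MBAM_LOG)
    print(threat_families(dets))
    print("needs reboot:", [d["target"] for d in pending_reboot(dets)])
    print("count mismatches:", count_mismatches(dets, declared))
```

The count check is the part worth keeping around: a log pasted into a forum post is routinely cut off by the poster or the forum, and a section header that announces more detections than the lines beneath it is the quickest way to notice.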
#12 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 02 December 2013 - 11:37 AM
Hello, XoXo_LuLu_XoXo.

Thank you for your reports.

Please run the following scan

ESET Online Scanner

Note:

  • Disable any antivirus program and antispyware programs to avoid conflicts.
  • Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
  • Please do not surf the internet while your security programs are disabled.
  • Let the scan run uninterrupted to avoid a stall.
  • Remember to enable your security programs when the scan has finished.

Run ESET Online Scanner from HERE.

  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • If prompted, allow the Add-On/Active X to install.

Under Computer scan settings:

  • Do not check Remove found threats
  • Check Scan Archives.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
  • Wait for the scan to finish. When the scan completes, click List of found threats.
  • Click Export and save the file to your desktop using a unique name, such as ESETScan.
  • Copy and paste the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#13 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 05 December 2013 - 02:27 PM

Hello, XoXo_LuLu_XoXo.

Do you still need help?  Have you run ESET Online Scanner?

To avoid closing this thread, please reply.

#14 XoXo_LuLu_XoXo (Authentic Member, 35 posts)

Posted 07 December 2013 - 08:35 AM

C:\AI_RecycleBin\{6E5DF2C3-3B08-4027-BA06-88BD863B6C62}\3\Strongvault\StrongVaultApp.exe a variant of MSIL/Adware.StrongVault.A application
C:\Program Files\PDFCreator\message.exe a variant of Win32/InstallCore.A application
 



#15 fbfbfb (SuperMember, Malware Team, 1,102 posts)

Posted 09 December 2013 - 02:49 PM

Hello, XoXo_LuLu_XoXo.

Thank you for the ESET report.

Please run the following scans

1.  OTL fix

Run OTL.exe

  • Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  • Then click the Run Fix button at the top.

:OTL
C:\AI_RecycleBin\{6E5DF2C3-3B08-4027-BA06-88BD863B6C62}\3\Strongvault\StrongVaultApp.exe
C:\Program Files\PDFCreator\message.exe 

:Commands
[emptytemp]
  • Let the program run unhindered; it will reboot when it is done. If it does not, please reboot your system.
  • Post the new log in your next reply.

DDS

Please run DDS again and send me fresh reports of dds.txt and attach.txt.

In your next reply, please let me know how your computer is running now.