Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91600 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help with PC Issues running slow and new files appearing [Closed] [Sol


  • This topic is locked This topic is locked
47 replies to this topic

#31 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 January 2014 - 11:33 PM

Hi,

 

I reopened your topic.  Why don't you follow my previous instructions and run Combofix and post the log please


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

    Advertisements

Register to Remove


#32 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 14 January 2014 - 12:55 PM

I did the OTL run fix, and when I just restarted my pc this morning. The keyboard was malfunctioning, I could not type anything into my login box on the login screen. Caps Lock Num Lock  buttons did not light up or anything. I restarted the pc and it's working for now. Here is the log

 

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 35369743 bytes
->Temporary Internet Files folder emptied: 1620201 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 363008455 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4541839 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3949784 bytes
 
Total Files Cleaned = 390.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01132014_211453
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Rose\AppData\Local\Temp\etilqs_L1yufuGX9qSiduw not found!
File\Folder C:\Users\Rose\AppData\Local\Temp\etilqs_Xz2WRvi2PDEJMGq not found!
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000027A651FFBDF0F2D123 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#33 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 January 2014 - 01:09 PM

Hi,

 

I reopened your topic.  Why don't you follow my previous instructions and run Combofix and post the log please


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#34 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 14 January 2014 - 04:39 PM

sorry about that here is the combofix log

 

ComboFix 14-01-14.02 - Rose 01/14/2014  16:25:42.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3573.1967 [GMT -6:00]
Running from: c:\users\Rose\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinZip Driver Updater
C:\uninstall.exe
c:\uninstall.exe\ActiveDrv.vbs
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid.c
c:\uninstall.exe\BFE.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF30561.3XE
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\d-delA.dat
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\ATTRIB.3XE.mui
c:\uninstall.exe\en-US\CF30561.3XE.mui
c:\uninstall.exe\en-US\cmd.3XE.mui
c:\uninstall.exe\en-US\CSCRIPT.3XE.mui
c:\uninstall.exe\en-US\iexplore.exe
c:\uninstall.exe\en-US\PING.3XE.mui
c:\uninstall.exe\en-US\REGT.3XE.mui
c:\uninstall.exe\en-US\ROUTE.3XE.mui
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\ffext.pif
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FIXLSP64.cmd
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\hidec.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\iphlpsvc.vista.dat
c:\uninstall.exe\iphlpsvc.w7.dat
c:\uninstall.exe\iphlpsvc.w8.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\KNetSvcs.vbs
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSettingsFolder.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MDWht.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\MpsSvc.dat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\MUI
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\MZChanged.dat
c:\uninstall.exe\N_\15234
c:\uninstall.exe\N_\17897
c:\uninstall.exe\N_\Path$
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.vista.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmd.3XE
c:\uninstall.exe\NircmdB.exe
c:\uninstall.exe\NirCmdC.3XE
c:\uninstall.exe\NIRKMD.3XE
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.3XE
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\safeboot.def.vista.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\ShAccess.dat
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\sqlite3.3XE
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.vista.dat
c:\uninstall.exe\svchost.vista.x64.dat
c:\uninstall.exe\swreg.3XE
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\swxcacls.3XE
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\temp00
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VBR.pif
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\Vista.mac
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vistareg.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w8reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-14 to 2014-01-14  )))))))))))))))))))))))))))))))
.
.
2014-01-13 20:16 . 2014-01-13 20:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-13 20:16 . 2014-01-13 20:16 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-13 20:16 . 2014-01-13 20:16 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-13 20:16 . 2014-01-13 20:16 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-13 20:16 . 2014-01-13 20:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-13 20:16 . 2014-01-13 20:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-13 20:16 . 2014-01-13 20:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-13 20:16 . 2014-01-13 20:16 43152 ----a-w- c:\windows\avastSS.scr
2014-01-13 07:06 . 2014-01-13 07:34 -------- d-----w- c:\program files\Perfect Uninstaller
2014-01-13 06:59 . 2014-01-13 06:59 -------- d-----w- c:\windows\en
2014-01-13 06:48 . 2014-01-13 06:53 -------- d-----w- c:\program files\Windows Live
2014-01-13 06:42 . 2014-01-13 06:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\994dfa731cf102a35\MeshBetaRemover.exe
2014-01-13 06:40 . 2014-01-13 06:40 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\DSETUP.dll
2014-01-13 06:40 . 2014-01-13 06:40 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\DXSETUP.exe
2014-01-13 06:40 . 2014-01-13 06:40 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\dsetup32.dll
2014-01-13 06:40 . 2014-01-13 06:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\DSETUP.dll
2014-01-13 06:40 . 2014-01-13 06:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\DXSETUP.exe
2014-01-13 06:40 . 2014-01-13 06:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\dsetup32.dll
2014-01-13 06:32 . 2014-01-13 06:32 -------- d-----w- c:\program files\MSXML 4.0
2014-01-13 05:32 . 2014-01-13 05:32 -------- d-----w- c:\users\Rose\AppData\Roaming\AVAST Software
2014-01-13 00:21 . 2014-01-13 00:21 -------- d-----w- c:\users\Rose\AppData\Roaming\KodakCredentialStore
2014-01-12 07:10 . 2014-01-12 07:10 -------- d-----w- c:\users\Rose\AppData\Local\KodakGallery
2014-01-12 07:09 . 2014-01-12 07:09 -------- d-----w- c:\users\Rose\AppData\Roaming\Skinux
2014-01-12 07:03 . 2014-01-13 06:18 -------- d-----w- c:\users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
2014-01-12 06:59 . 2014-01-13 06:18 -------- d-----w- c:\program files\Common Files\Kodak
2014-01-12 06:58 . 2014-01-13 02:44 -------- d-----w- c:\program files\Kodak
2014-01-12 06:38 . 2014-01-13 06:18 -------- d-----w- c:\programdata\Kodak
2014-01-10 06:21 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1AE66E2-43F5-4B7C-B235-122E95352389}\mpengine.dll
2014-01-04 10:23 . 2014-01-04 10:23 -------- d-----w- c:\programdata\Samsung
2014-01-04 01:22 . 2014-01-04 01:40 -------- d-----w- c:\program files\LeapFrog
2014-01-03 18:04 . 2014-01-03 18:04 -------- d-----w- c:\programdata\Leapfrog
2014-01-03 03:44 . 2014-01-03 03:44 -------- d-----w- c:\users\Rose\AppData\Roaming\WinZip
2014-01-02 02:14 . 2014-01-02 02:14 -------- d-----w- c:\program files\VS Revo Group
2014-01-02 01:20 . 2014-01-02 01:21 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-12-31 08:45 . 2011-11-25 07:26 13440 ----a-w- c:\windows\system32\drivers\pneteth.sys
2013-12-31 08:16 . 2011-07-18 21:01 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2013-12-24 05:40 . 2013-12-24 05:40 -------- d-----w- c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-13 20:16 . 2013-06-30 06:29 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-13 06:47 . 2011-03-29 00:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 03:15 . 2012-09-30 05:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:15 . 2012-09-30 05:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25 . 2009-10-03 03:00 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50 . 2013-12-12 18:37 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 18:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 18:36 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 18:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 18:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 18:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13 . 2013-12-11 22:30 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 22:30 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 22:30 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 22:30 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 22:30 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19 . 2013-12-11 22:30 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-13 20:16 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-11-27 106496]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-13 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AppRemover Feedback"="explorer http://www.appremover.com/feedback" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-02 07:38 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rose^AppData^Roaming^Microsoft^Windows^Templates^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\225517B3BEC763B24377202884D2E14DF81F1D35._service_run]
2013-12-04 02:48 863184 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-07-10 00:21 163840 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-10 00:25 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-10 00:26 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-10 00:26 141848 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3876892959-2368528674-3984381725-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
BullGuard_Backup REG_MULTI_SZ   BsBackup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:24 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 03:15]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-23 04:35]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-23 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-14 16:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3876892959-2368528674-3984381725-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3876892959-2368528674-3984381725-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-14  16:37:53
ComboFix-quarantined-files.txt  2014-01-14 22:37
.
Pre-Run: 86,995,918,848 bytes free
Post-Run: 86,957,654,016 bytes free
.
- - End Of File - - 359A13A98802A5AC1252EAF2E73A2CD0
CDB4DE4BBD714F152979DA2DCBEF57EB


#35 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 January 2014 - 05:25 PM

Where going to go back and do a few things over just to make sure all this stuff is gone, I am posting the entire instructions just in case you removed the programs

 

 

Run these in order please and post the log for each one, they all may not fit in one reply so take as many replies as you need to post them all

 

 

First

 

AdwCleaner

 
Download AdwCleaner to your desktop.
 
Right click and select "Run as Administrator".
 
  •  
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
 

 

================================================

 

 

Second

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
===========================================
 
 
Third 
 

Please download Malwarebytes from Here or Here
 
  •  
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

 


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#36 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 14 January 2014 - 10:44 PM

# AdwCleaner v3.013 - Report created 27/11/2013 at 13:20:45
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\DowNNloaoD kkeeper
File Deleted : C:\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Escolade
File Deleted : C:\Windows\System32\Tasks\YourFile Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420984CA-358C-4253-BA24-17C9D85EBCDC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3159 octets] - [26/11/2013 22:34:42]
AdwCleaner[R1].txt - [3219 octets] - [27/11/2013 13:06:43]
AdwCleaner[S0].txt - [3316 octets] - [27/11/2013 13:20:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3376 octets] ##########
# AdwCleaner v3.017 - Report created 14/01/2014 at 22:05:41
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\Rose\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Rose\AppData\Roaming\iPumper
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Escolade
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420984CA-358C-4253-BA24-17C9D85EBCDC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315446
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16526
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7721 octets] - [26/11/2013 22:34:42]
AdwCleaner[R1].txt - [3219 octets] - [27/11/2013 13:06:43]
AdwCleaner[S0].txt - [8103 octets] - [27/11/2013 13:20:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8163 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Rose on Tue 01/14/2014 at 22:13:14.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Rose\AppData\LocalLow\FCTB000100565
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ai_recyclebin"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/14/2014 at 22:20:24.83
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.15.02
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rose :: LULU [administrator]
 
1/14/2014 10:22:21 PM
mbam-log-2014-01-14 (22-22-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203800
Time elapsed: 20 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCR\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#37 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 14 January 2014 - 11:03 PM

Great,

 

Go ahead and run a new scan with OTL and post the log please


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#38 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 15 January 2014 - 01:47 AM

here is the requested OTL log

 

OTL logfile created on: 1/15/2014 1:19:24 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.49 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.79% Memory free
4.92 Gb Paging File | 3.81 Gb Available in Paging File | 77.46% Paging File free
Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 80.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.48 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive E: | 230.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LULU | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
DRV - (andnetndis) -- system32\DRIVERS\lgandnetndis.sys File not found
DRV - (andnetadb) -- System32\Drivers\lgandnetadb.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! Online Security = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/14 16:35:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/02/27 22:21:22 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/14 22:02:25 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 16:38:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\temp
[2014/01/14 16:21:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/14 16:21:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/14 16:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/14 16:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/14 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Rose\Desktop\Favorites
[2014/01/14 16:07:42 | 005,165,717 | R--- | C] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:04:48 | 012,217,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/13 14:16:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:13 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:13 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:12 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:11 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2014/01/13 00:59:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/01/13 00:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/01/13 00:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/01/12 23:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\AVAST Software
[2014/01/12 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\KodakCredentialStore
[2014/01/12 01:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\KodakGallery
[2014/01/12 01:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Skinux
[2014/01/12 01:03:47 | 000,000,000 | ---D | C] -- C:\Users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
[2014/01/12 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2014/01/12 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2014/01/12 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2014/01/12 00:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2014/01/12 00:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2014/01/04 04:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/01/04 03:58:12 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Odin307
[2014/01/04 02:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/01/04 02:42:30 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\WinRAR
[2014/01/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/01/03 19:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2014/01/03 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2014/01/03 12:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2014/01/02 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\WinZip
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Revo Uninstaller
[2014/01/01 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2
[2013/12/31 02:45:25 | 000,013,440 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys
[2013/12/31 02:16:11 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
[2013/12/29 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Google Chrome
[2013/12/23 23:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/15 01:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 01:02:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 00:39:44 | 000,101,069 | ---- | M] () -- C:\Users\Rose\Desktop\famous-quotes-9.jpg
[2014/01/15 00:38:37 | 000,053,726 | ---- | M] () -- C:\Users\Rose\Desktop\glass-half-full-positive-quote.jpg
[2014/01/15 00:12:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 00:12:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 22:12:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
[2014/01/14 22:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 22:02:26 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 22:02:17 | 001,236,282 | ---- | M] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:35:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/14 16:07:49 | 005,165,717 | R--- | M] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:05:15 | 012,217,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:08 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:08 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:08 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/13 14:16:08 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:08 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:17:20 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/13 00:20:12 | 000,383,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/12 01:17:36 | 000,065,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:17:36 | 000,057,344 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/12 01:14:59 | 000,964,417 | ---- | M] () -- C:\Users\Rose\Desktop\000_0007.jpg
[2014/01/05 06:16:20 | 000,642,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/05 06:16:20 | 000,120,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/04 02:42:29 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/01/03 19:43:12 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | M] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
 
========== Files Created - No Company Name ==========
 
[2014/01/15 00:39:43 | 000,101,069 | ---- | C] () -- C:\Users\Rose\Desktop\famous-quotes-9.jpg
[2014/01/15 00:38:36 | 000,053,726 | ---- | C] () -- C:\Users\Rose\Desktop\glass-half-full-positive-quote.jpg
[2014/01/14 22:02:16 | 001,236,282 | ---- | C] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:21:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/14 16:21:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/14 16:21:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/14 16:21:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/14 16:21:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:14 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 01:17:20 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/13 00:56:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2014/01/13 00:54:31 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2014/01/13 00:51:40 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2014/01/12 01:17:30 | 000,964,417 | ---- | C] () -- C:\Users\Rose\Desktop\000_0007.jpg
[2014/01/12 01:09:47 | 000,065,536 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:09:47 | 000,057,344 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/04 02:42:29 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/01/03 19:43:12 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | C] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
[2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
[2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
[2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#39 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 15 January 2014 - 06:50 AM

Hi,

 

Log looks pretty good.  It looks like Avast is your main Anti Virus program, but also looking at two others, with AV Software just one is needed, more than one is overkill and can hamper system performance.  

 

C:\Program Files\ESET\ESET NOD32
C:\Program Files\Baidu Security
 
Go into Programs and Features in the Control Panel and see if you can uninstall them.  If not you can use this program
 

Run AppRemover  
 
Vista , Win 7 users, right click on the icon and select "run as administrator"
 
Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. 
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed security programs, choose the one  you want to uninstall and click on the Next button.
  • Follow the last step and reboot if asked to do so.
  •  
     
    Let me know if you where able to uninstall them ??

    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #40 XoXo_LuLu_XoXo

    XoXo_LuLu_XoXo

      Authentic Member

    • Authentic Member
    • PipPip
    • 35 posts

    Posted 15 January 2014 - 09:58 AM

    I was unable to uninstall either of those programs. When I run the AppRemover program the only thing that shows up after the initial scan checking for security programs is my Avast and you were correct when you said that is my main security program I want to keep installed. So I just exited the program and will await for my next instructions. Thank you so much for the quick responses and most of all your time


      Advertisements

    Register to Remove


    #41 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 January 2014 - 10:09 AM

    OK, lets do this

     

    Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  •  
     
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found
    SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.)
     
     
    :Services
     
    :Reg
     
    :Files
    ipconfig /flushdns /c
     
     
    :Commands
    [purity]
    [resethosts]
    [EMPTYJAVA] 
    [emptytemp]
    [start explorer]
    [Reboot]
     
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
  •  
    Then run a new scan with OTL and post the new log please <-----

    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #42 XoXo_LuLu_XoXo

    XoXo_LuLu_XoXo

      Authentic Member

    • Authentic Member
    • PipPip
    • 35 posts

    Posted 15 January 2014 - 11:07 AM

    Here is the requested log file.

     

    All processes killed
    Error: Unable to interpret < > in the current context!
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
    File C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
    Service ekrn stopped successfully!
    Service ekrn deleted successfully!
    File  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found not found.
    Service BAVSvc stopped successfully!
    Service BAVSvc deleted successfully!
    C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Rose\Desktop\cmd.bat deleted successfully.
    C:\Users\Rose\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Public
     
    User: Rose
    ->Java cache emptied: 0 bytes
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    User: Rose
    ->Temp folder emptied: 2506294 bytes
    ->Temporary Internet Files folder emptied: 1424649 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 330276705 bytes
    ->Flash cache emptied: 506 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 301679 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 319.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 01152014_110019
     
    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
     
    PendingFileRenameOperations files...
     
    Registry entries deleted on Reboot...


    #43 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 January 2014 - 11:32 AM

    Good, let me see a new OTL log 


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #44 XoXo_LuLu_XoXo

    XoXo_LuLu_XoXo

      Authentic Member

    • Authentic Member
    • PipPip
    • 35 posts

    Posted 15 January 2014 - 01:00 PM

    OTL logfile created on: 1/15/2014 12:38:29 PM - Run 5
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.49 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 61.43% Memory free
    4.87 Gb Paging File | 3.67 Gb Available in Paging File | 75.26% Paging File free
    Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 80.36 Gb Free Space | 59.81% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.47 Gb Free Space | 51.02% Space Free | Partition Type: NTFS
    Drive E: | 230.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: LULU | User Name: Rose | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
    MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
    MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
    SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
    SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
    SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
    DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
    DRV - (andnetndis) -- system32\DRIVERS\lgandnetndis.sys File not found
    DRV - (andnetadb) -- System32\Drivers\lgandnetadb.sys File not found
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
    DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
    DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
    DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
    DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
    DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
    DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
    DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
    DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
     
     
    [2014/01/01 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions
    [2014/01/01 20:11:00 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: avast! Online Security = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
    CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
     
    O1 HOSTS File: ([2014/01/15 11:00:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/01/15 07:42:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Jose
    [2014/01/14 22:02:25 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
    [2014/01/14 16:38:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\temp
    [2014/01/14 16:21:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/14 16:21:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/14 16:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/14 16:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/14 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Rose\Desktop\Favorites
    [2014/01/14 16:07:42 | 005,165,717 | R--- | C] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
    [2014/01/14 16:04:48 | 012,217,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
    [2014/01/13 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/01/13 14:16:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/13 14:16:13 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/13 14:16:13 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/13 14:16:12 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/13 14:16:11 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/13 14:16:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/13 01:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
    [2014/01/13 00:59:14 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2014/01/13 00:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2014/01/13 00:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2014/01/12 23:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\AVAST Software
    [2014/01/12 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\KodakCredentialStore
    [2014/01/12 01:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\KodakGallery
    [2014/01/12 01:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Skinux
    [2014/01/12 01:03:47 | 000,000,000 | ---D | C] -- C:\Users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
    [2014/01/12 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
    [2014/01/12 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
    [2014/01/12 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2014/01/12 00:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
    [2014/01/12 00:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
    [2014/01/04 04:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2014/01/04 03:58:12 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Odin307
    [2014/01/04 02:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2014/01/04 02:42:30 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\WinRAR
    [2014/01/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2014/01/03 19:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
    [2014/01/03 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
    [2014/01/03 12:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
    [2014/01/02 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\WinZip
    [2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Revo Uninstaller
    [2014/01/01 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2
    [2013/12/31 02:45:25 | 000,013,440 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys
    [2013/12/31 02:16:11 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
    [2013/12/29 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Google Chrome
    [2013/12/23 23:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/01/15 12:32:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
    [2014/01/15 12:31:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/15 12:31:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/15 12:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/15 11:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/15 11:00:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/01/15 10:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/15 07:42:04 | 000,383,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/01/14 22:02:26 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
    [2014/01/14 22:02:17 | 001,236,282 | ---- | M] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
    [2014/01/14 16:07:49 | 005,165,717 | R--- | M] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
    [2014/01/14 16:05:15 | 012,217,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
    [2014/01/13 14:16:49 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/13 14:16:08 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/13 14:16:08 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/13 14:16:08 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/01/13 14:16:08 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/13 14:16:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/13 14:16:08 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/13 14:16:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/13 14:16:08 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/13 14:16:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/13 01:17:20 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
    [2014/01/12 01:17:36 | 000,065,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2014/01/12 01:17:36 | 000,057,344 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2014/01/05 06:16:20 | 000,642,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/01/05 06:16:20 | 000,120,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/01/03 19:43:12 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
    [2014/01/01 20:14:37 | 000,001,019 | ---- | M] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
    [2013/12/31 02:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
     
    ========== Files Created - No Company Name ==========
     
    [2014/01/14 22:02:16 | 001,236,282 | ---- | C] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
    [2014/01/14 16:21:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/14 16:21:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/14 16:21:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/14 16:21:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/14 16:21:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/01/13 14:16:49 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/13 14:16:14 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/13 14:16:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/13 01:17:20 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
    [2014/01/13 00:56:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2014/01/13 00:54:31 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2014/01/13 00:51:40 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2014/01/12 01:09:47 | 000,065,536 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
    [2014/01/12 01:09:47 | 000,057,344 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
    [2014/01/03 19:43:12 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
    [2014/01/01 20:14:37 | 000,001,019 | ---- | C] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
    [2013/12/31 02:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    [2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
    [2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
    [2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
    [2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
    [2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
    [2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
    [2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
     
    ========== ZeroAccess Check ==========
     
    [2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    < End of report >


    #45 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 15 January 2014 - 01:18 PM

    Looking good :)

     

    How is your system behaving now ?????


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users