This topic is lockedHi,
I reopened your topic. Why don't you follow my previous instructions and run Combofix and post the log please
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Help with PC Issues running slow and new files appearing [Closed] [Sol
Started by
XoXo_LuLu_XoXo
, Nov 18 2013 04:57 PM
47 replies to this topic
#31
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 13 January 2014 - 11:33 PM
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
Register to Remove
#32
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 14 January 2014 - 12:55 PM
I did the OTL run fix, and when I just restarted my pc this morning. The keyboard was malfunctioning, I could not type anything into my login box on the login screen. Caps Lock Num Lock buttons did not light up or anything. I restarted the pc and it's working for now. Here is the log
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Rose
->Temp folder emptied: 35369743 bytes
->Temporary Internet Files folder emptied: 1620201 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 363008455 bytes
->Flash cache emptied: 826 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4541839 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3949784 bytes
Total Files Cleaned = 390.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01132014_211453
Files\Folders moved on Reboot...
File\Folder C:\Users\Rose\AppData\Local\Temp\etilqs_L1yufuGX9qSiduw not found!
File\Folder C:\Users\Rose\AppData\Local\Temp\etilqs_Xz2WRvi2PDEJMGq not found!
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000027A651FFBDF0F2D123 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#33
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 January 2014 - 01:09 PM
Hi,
I reopened your topic. Why don't you follow my previous instructions and run Combofix and post the log please
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#34
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 14 January 2014 - 04:39 PM
sorry about that here is the combofix log
ComboFix 14-01-14.02 - Rose 01/14/2014 16:25:42.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.1967 [GMT -6:00]
Running from: c:\users\Rose\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinZip Driver Updater
C:\uninstall.exe
c:\uninstall.exe\ActiveDrv.vbs
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid.c
c:\uninstall.exe\BFE.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF30561.3XE
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\d-delA.dat
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\ATTRIB.3XE.mui
c:\uninstall.exe\en-US\CF30561.3XE.mui
c:\uninstall.exe\en-US\cmd.3XE.mui
c:\uninstall.exe\en-US\CSCRIPT.3XE.mui
c:\uninstall.exe\en-US\iexplore.exe
c:\uninstall.exe\en-US\PING.3XE.mui
c:\uninstall.exe\en-US\REGT.3XE.mui
c:\uninstall.exe\en-US\ROUTE.3XE.mui
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\ffext.pif
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FIXLSP64.cmd
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\hidec.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\iphlpsvc.vista.dat
c:\uninstall.exe\iphlpsvc.w7.dat
c:\uninstall.exe\iphlpsvc.w8.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\KNetSvcs.vbs
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSettingsFolder.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MDWht.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\MpsSvc.dat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\MUI
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\MZChanged.dat
c:\uninstall.exe\N_\15234
c:\uninstall.exe\N_\17897
c:\uninstall.exe\N_\Path$
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.vista.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmd.3XE
c:\uninstall.exe\NircmdB.exe
c:\uninstall.exe\NirCmdC.3XE
c:\uninstall.exe\NIRKMD.3XE
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.3XE
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\safeboot.def.vista.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\ShAccess.dat
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\sqlite3.3XE
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.vista.dat
c:\uninstall.exe\svchost.vista.x64.dat
c:\uninstall.exe\swreg.3XE
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\swxcacls.3XE
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\temp00
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VBR.pif
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\Vista.mac
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vistareg.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w8reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
.
.
((((((((((((((((((((((((( Files Created from 2013-12-14 to 2014-01-14 )))))))))))))))))))))))))))))))
.
.
2014-01-13 20:16 . 2014-01-13 20:16 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-13 20:16 . 2014-01-13 20:16 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-13 20:16 . 2014-01-13 20:16 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-13 20:16 . 2014-01-13 20:16 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-13 20:16 . 2014-01-13 20:16 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-13 20:16 . 2014-01-13 20:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-13 20:16 . 2014-01-13 20:16 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-13 20:16 . 2014-01-13 20:16 43152 ----a-w- c:\windows\avastSS.scr
2014-01-13 07:06 . 2014-01-13 07:34 -------- d-----w- c:\program files\Perfect Uninstaller
2014-01-13 06:59 . 2014-01-13 06:59 -------- d-----w- c:\windows\en
2014-01-13 06:48 . 2014-01-13 06:53 -------- d-----w- c:\program files\Windows Live
2014-01-13 06:42 . 2014-01-13 06:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\994dfa731cf102a35\MeshBetaRemover.exe
2014-01-13 06:40 . 2014-01-13 06:40 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\DSETUP.dll
2014-01-13 06:40 . 2014-01-13 06:40 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\DXSETUP.exe
2014-01-13 06:40 . 2014-01-13 06:40 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\55e2c3131cf102a28\dsetup32.dll
2014-01-13 06:40 . 2014-01-13 06:40 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\DSETUP.dll
2014-01-13 06:40 . 2014-01-13 06:40 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\DXSETUP.exe
2014-01-13 06:40 . 2014-01-13 06:40 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\509ce0c31cf102a27\dsetup32.dll
2014-01-13 06:32 . 2014-01-13 06:32 -------- d-----w- c:\program files\MSXML 4.0
2014-01-13 05:32 . 2014-01-13 05:32 -------- d-----w- c:\users\Rose\AppData\Roaming\AVAST Software
2014-01-13 00:21 . 2014-01-13 00:21 -------- d-----w- c:\users\Rose\AppData\Roaming\KodakCredentialStore
2014-01-12 07:10 . 2014-01-12 07:10 -------- d-----w- c:\users\Rose\AppData\Local\KodakGallery
2014-01-12 07:09 . 2014-01-12 07:09 -------- d-----w- c:\users\Rose\AppData\Roaming\Skinux
2014-01-12 07:03 . 2014-01-13 06:18 -------- d-----w- c:\users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
2014-01-12 06:59 . 2014-01-13 06:18 -------- d-----w- c:\program files\Common Files\Kodak
2014-01-12 06:58 . 2014-01-13 02:44 -------- d-----w- c:\program files\Kodak
2014-01-12 06:38 . 2014-01-13 06:18 -------- d-----w- c:\programdata\Kodak
2014-01-10 06:21 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1AE66E2-43F5-4B7C-B235-122E95352389}\mpengine.dll
2014-01-04 10:23 . 2014-01-04 10:23 -------- d-----w- c:\programdata\Samsung
2014-01-04 01:22 . 2014-01-04 01:40 -------- d-----w- c:\program files\LeapFrog
2014-01-03 18:04 . 2014-01-03 18:04 -------- d-----w- c:\programdata\Leapfrog
2014-01-03 03:44 . 2014-01-03 03:44 -------- d-----w- c:\users\Rose\AppData\Roaming\WinZip
2014-01-02 02:14 . 2014-01-02 02:14 -------- d-----w- c:\program files\VS Revo Group
2014-01-02 01:20 . 2014-01-02 01:21 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-12-31 08:45 . 2011-11-25 07:26 13440 ----a-w- c:\windows\system32\drivers\pneteth.sys
2013-12-31 08:16 . 2011-07-18 21:01 1419232 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2013-12-24 05:40 . 2013-12-24 05:40 -------- d-----w- c:\windows\Migration
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-13 20:16 . 2013-06-30 06:29 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-13 06:47 . 2011-03-29 00:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-12-11 03:15 . 2012-09-30 05:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:15 . 2012-09-30 05:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25 . 2009-10-03 03:00 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50 . 2013-12-12 18:37 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-12 18:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-12 18:36 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-12 18:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-12 18:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-12 18:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13 . 2013-12-11 22:30 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 22:30 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 22:30 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 22:30 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 22:30 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19 . 2013-12-11 22:30 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-13 20:16 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-11-27 106496]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-13 3764024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AppRemover Feedback"="explorer http://www.appremover.com/feedback" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-12-02 07:38 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rose^AppData^Roaming^Microsoft^Windows^Templates^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\225517B3BEC763B24377202884D2E14DF81F1D35._service_run]
2013-12-04 02:48 863184 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-07-10 00:21 163840 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-07-10 00:25 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-07-10 00:26 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-07-10 00:26 141848 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3876892959-2368528674-3984381725-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
BullGuard_Backup REG_MULTI_SZ BsBackup
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 02:24 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 03:15]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-23 04:35]
.
2014-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-23 04:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-14 16:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3876892959-2368528674-3984381725-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3876892959-2368528674-3984381725-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-14 16:37:53
ComboFix-quarantined-files.txt 2014-01-14 22:37
.
Pre-Run: 86,995,918,848 bytes free
Post-Run: 86,957,654,016 bytes free
.
- - End Of File - - 359A13A98802A5AC1252EAF2E73A2CD0
CDB4DE4BBD714F152979DA2DCBEF57EB
#35
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 January 2014 - 05:25 PM
Where going to go back and do a few things over just to make sure all this stuff is gone, I am posting the entire instructions just in case you removed the programs
Run these in order please and post the log for each one, they all may not fit in one reply so take as many replies as you need to post them all
First
AdwCleaner
Download AdwCleaner to your desktop.
Right click and select "Run as Administrator".
- Run AdwCleaner and select Delete
- Once done it will ask to reboot, allow the reboot
- On reboot a log will be produced, please attach the content of the log to your next reply
================================================
Second
Please download Junkware Removal Tool to your desktop.- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
===========================================
Third
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#36
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 14 January 2014 - 10:44 PM
# AdwCleaner v3.013 - Report created 27/11/2013 at 13:20:45
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\DowNNloaoD kkeeper
File Deleted : C:\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Escolade
File Deleted : C:\Windows\System32\Tasks\YourFile Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420984CA-358C-4253-BA24-17C9D85EBCDC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16520
-\\ Google Chrome v31.0.1650.57
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3159 octets] - [26/11/2013 22:34:42]
AdwCleaner[R1].txt - [3219 octets] - [27/11/2013 13:06:43]
AdwCleaner[S0].txt - [3316 octets] - [27/11/2013 13:20:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3376 octets] ##########
# AdwCleaner v3.017 - Report created 14/01/2014 at 22:05:41
# Updated 12/01/2014 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : Rose - LULU
# Running from : C:\Users\Rose\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\Rose\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Rose\AppData\Roaming\iPumper
File Deleted : C:\Windows\System32\Tasks\Advanced System Protector
File Deleted : C:\Windows\System32\Tasks\Escolade
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile Update
***** [ Shortcuts ] *****
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0C3278F-8736-4A4A-9DC7-0DCDB18D72EB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C96E30E-269C-44EA-B74C-E6DF63BD0D3E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C461B81-5DAD-49EE-98D1-DC9C6D378D73}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{420984CA-358C-4253-BA24-17C9D85EBCDC}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{420984CA-358C-4253-BA24-17C9D85EBCDC}
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315446
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Escolade
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7721 octets] - [26/11/2013 22:34:42]
AdwCleaner[R1].txt - [3219 octets] - [27/11/2013 13:06:43]
AdwCleaner[S0].txt - [8103 octets] - [27/11/2013 13:20:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8163 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista ™ Home Basic x86
Ran by Rose on Tue 01/14/2014 at 22:13:14.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Users\Rose\AppData\LocalLow\FCTB000100565
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ai_recyclebin"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/14/2014 at 22:20:24.83
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.15.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rose :: LULU [administrator]
1/14/2014 10:22:21 PM
mbam-log-2014-01-14 (22-22-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203800
Time elapsed: 20 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 3
HKCR\AppID\{384997EE-E3BE-49C4-9ECA-C62B7C08128A} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Classes\AppID\DynConIE.DLL (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#37
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 14 January 2014 - 11:03 PM
Great,
Go ahead and run a new scan with OTL and post the log please
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#38
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 15 January 2014 - 01:47 AM
here is the requested OTL log
OTL logfile created on: 1/15/2014 1:19:24 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rose\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.49 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.79% Memory free
4.92 Gb Paging File | 3.81 Gb Available in Paging File | 77.46% Paging File free
Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 80.63 Gb Free Space | 60.01% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.48 Gb Free Space | 51.04% Space Free | Partition Type: NTFS
Drive E: | 230.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LULU | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
========== Services (SafeList) ==========
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
DRV - (andnetndis) -- system32\DRIVERS\lgandnetndis.sys File not found
DRV - (andnetadb) -- System32\Drivers\lgandnetadb.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! Online Security = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2014/01/14 16:35:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002/02/27 22:21:22 | 000,000,029 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/14 22:02:25 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 16:38:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\temp
[2014/01/14 16:21:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/14 16:21:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/14 16:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/14 16:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/14 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Rose\Desktop\Favorites
[2014/01/14 16:07:42 | 005,165,717 | R--- | C] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:04:48 | 012,217,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/13 14:16:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:13 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:13 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:12 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:11 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2014/01/13 00:59:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/01/13 00:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/01/13 00:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/01/12 23:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\AVAST Software
[2014/01/12 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\KodakCredentialStore
[2014/01/12 01:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\KodakGallery
[2014/01/12 01:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Skinux
[2014/01/12 01:03:47 | 000,000,000 | ---D | C] -- C:\Users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
[2014/01/12 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2014/01/12 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2014/01/12 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2014/01/12 00:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2014/01/12 00:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2014/01/04 04:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/01/04 03:58:12 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Odin307
[2014/01/04 02:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/01/04 02:42:30 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\WinRAR
[2014/01/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/01/03 19:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2014/01/03 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2014/01/03 12:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2014/01/02 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\WinZip
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Revo Uninstaller
[2014/01/01 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2
[2013/12/31 02:45:25 | 000,013,440 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys
[2013/12/31 02:16:11 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
[2013/12/29 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Google Chrome
[2013/12/23 23:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
========== Files - Modified Within 30 Days ==========
[2014/01/15 01:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 01:02:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 00:39:44 | 000,101,069 | ---- | M] () -- C:\Users\Rose\Desktop\famous-quotes-9.jpg
[2014/01/15 00:38:37 | 000,053,726 | ---- | M] () -- C:\Users\Rose\Desktop\glass-half-full-positive-quote.jpg
[2014/01/15 00:12:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 00:12:10 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/14 22:12:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
[2014/01/14 22:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/14 22:02:26 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 22:02:17 | 001,236,282 | ---- | M] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:35:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/14 16:07:49 | 005,165,717 | R--- | M] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:05:15 | 012,217,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:08 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:08 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:08 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/13 14:16:08 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:08 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:17:20 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/13 00:20:12 | 000,383,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/12 01:17:36 | 000,065,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:17:36 | 000,057,344 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/12 01:14:59 | 000,964,417 | ---- | M] () -- C:\Users\Rose\Desktop\000_0007.jpg
[2014/01/05 06:16:20 | 000,642,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/05 06:16:20 | 000,120,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/04 02:42:29 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/01/03 19:43:12 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | M] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
========== Files Created - No Company Name ==========
[2014/01/15 00:39:43 | 000,101,069 | ---- | C] () -- C:\Users\Rose\Desktop\famous-quotes-9.jpg
[2014/01/15 00:38:36 | 000,053,726 | ---- | C] () -- C:\Users\Rose\Desktop\glass-half-full-positive-quote.jpg
[2014/01/14 22:02:16 | 001,236,282 | ---- | C] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:21:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/14 16:21:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/14 16:21:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/14 16:21:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/14 16:21:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:14 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 01:17:20 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/13 00:56:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2014/01/13 00:54:31 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2014/01/13 00:51:40 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2014/01/12 01:17:30 | 000,964,417 | ---- | C] () -- C:\Users\Rose\Desktop\000_0007.jpg
[2014/01/12 01:09:47 | 000,065,536 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:09:47 | 000,057,344 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/04 02:42:29 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk
[2014/01/03 19:43:12 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | C] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
[2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
[2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
[2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
========== ZeroAccess Check ==========
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
#39
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 15 January 2014 - 06:50 AM
Hi,
Log looks pretty good. It looks like Avast is your main Anti Virus program, but also looking at two others, with AV Software just one is needed, more than one is overkill and can hamper system performance.
C:\Program Files\ESET\ESET NOD32
C:\Program Files\Baidu Security
Go into Programs and Features in the Control Panel and see if you can uninstall them. If not you can use this program
Run AppRemover
Vista , Win 7 users, right click on the icon and select "run as administrator"
Please download AppRemover and save it to your desktop.
Let me know if you where able to uninstall them ??
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#40
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 15 January 2014 - 09:58 AM
I was unable to uninstall either of those programs. When I run the AppRemover program the only thing that shows up after the initial scan checking for security programs is my Avast and you were correct when you said that is my main security program I want to keep installed. So I just exited the program and will await for my next instructions. Thank you so much for the quick responses and most of all your time
Register to Remove
#41
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 15 January 2014 - 10:09 AM
OK, lets do this
Open OTL.exe
:OTL FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.) :Services :Reg :Files ipconfig /flushdns /c :Commands [purity] [resethosts] [EMPTYJAVA] [emptytemp] [start explorer] [Reboot]
Then run a new scan with OTL and post the new log please <-----
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#42
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 15 January 2014 - 11:07 AM
Here is the requested log file.
All processes killed
Error: Unable to interpret < > in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com deleted successfully.
File C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
Service ekrn stopped successfully!
Service ekrn deleted successfully!
File C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found not found.
Service BAVSvc stopped successfully!
Service BAVSvc deleted successfully!
C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rose\Desktop\cmd.bat deleted successfully.
C:\Users\Rose\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Rose
->Java cache emptied: 0 bytes
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Rose
->Temp folder emptied: 2506294 bytes
->Temporary Internet Files folder emptied: 1424649 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 330276705 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 301679 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 319.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01152014_110019
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#43
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 15 January 2014 - 11:32 AM
Good, let me see a new OTL log
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#44
XoXo_LuLu_XoXo
-
- Authentic Member
-
- 35 posts
Authentic Member
Posted 15 January 2014 - 01:00 PM
OTL logfile created on: 1/15/2014 12:38:29 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rose\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.49 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 61.43% Memory free
4.87 Gb Paging File | 3.67 Gb Available in Paging File | 75.26% Paging File free
Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 80.36 Gb Free Space | 59.81% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.47 Gb Free Space | 51.02% Space Free | Partition Type: NTFS
Drive E: | 230.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LULU | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
========== Services (SafeList) ==========
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (catchme) -- C:\Users\Rose\AppData\Local\Temp\catchme.sys File not found
DRV - (andnetndis) -- system32\DRIVERS\lgandnetndis.sys File not found
DRV - (andnetadb) -- System32\Drivers\lgandnetadb.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! Online Security = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2014/01/15 11:00:22 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/15 07:42:37 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Jose
[2014/01/14 22:02:25 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 16:38:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/14 16:37:56 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\temp
[2014/01/14 16:21:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/14 16:21:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/14 16:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/14 16:20:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/14 16:20:22 | 000,000,000 | R--D | C] -- C:\Users\Rose\Desktop\Favorites
[2014/01/14 16:07:42 | 005,165,717 | R--- | C] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:04:48 | 012,217,544 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/01/13 14:16:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:13 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:13 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:12 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:11 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2014/01/13 00:59:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/01/13 00:56:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/01/13 00:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/01/13 00:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2014/01/12 23:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\AVAST Software
[2014/01/12 18:21:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\KodakCredentialStore
[2014/01/12 01:10:01 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\KodakGallery
[2014/01/12 01:09:13 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Skinux
[2014/01/12 01:03:47 | 000,000,000 | ---D | C] -- C:\Users\Rose\{d97eff87-c57a-41ce-a282-e0a3026bcb2f}
[2014/01/12 00:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2014/01/12 00:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2014/01/12 00:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2014/01/12 00:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2014/01/12 00:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2014/01/04 04:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2014/01/04 03:58:12 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Odin307
[2014/01/04 02:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/01/04 02:42:30 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\WinRAR
[2014/01/04 02:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/01/03 19:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect
[2014/01/03 19:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2014/01/03 12:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog
[2014/01/02 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\WinZip
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Revo Uninstaller
[2014/01/01 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2
[2013/12/31 02:45:25 | 000,013,440 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys
[2013/12/31 02:16:11 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
[2013/12/29 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Google Chrome
[2013/12/23 23:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
========== Files - Modified Within 30 Days ==========
[2014/01/15 12:32:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
[2014/01/15 12:31:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 12:31:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 12:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/15 11:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/15 11:00:22 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/01/15 10:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/15 07:42:04 | 000,383,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/14 22:02:26 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Rose\Desktop\JRT.exe
[2014/01/14 22:02:17 | 001,236,282 | ---- | M] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:07:49 | 005,165,717 | R--- | M] (Swearware) -- C:\Users\Rose\Desktop\ComboFix.exe
[2014/01/14 16:05:15 | 012,217,544 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Rose\Desktop\AppRemover.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:08 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/01/13 14:16:08 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/01/13 14:16:08 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/01/13 14:16:08 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:08 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/01/13 14:16:08 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/01/13 14:16:08 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2014/01/13 14:16:08 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 14:16:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/13 01:17:20 | 000,000,042 | ---- | M] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/12 01:17:36 | 000,065,536 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:17:36 | 000,057,344 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/05 06:16:20 | 000,642,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/05 06:16:20 | 000,120,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/03 19:43:12 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | M] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
========== Files Created - No Company Name ==========
[2014/01/14 22:02:16 | 001,236,282 | ---- | C] () -- C:\Users\Rose\Desktop\AdwCleaner.exe
[2014/01/14 16:21:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/14 16:21:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/14 16:21:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/14 16:21:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/14 16:21:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/13 14:16:49 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/01/13 14:16:14 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/01/13 14:16:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/01/13 01:17:20 | 000,000,042 | ---- | C] () -- C:\Windows\System32\AK083E209605E394C.lie
[2014/01/13 00:56:01 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2014/01/13 00:54:31 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2014/01/13 00:51:40 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2014/01/12 01:09:47 | 000,065,536 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2014/01/12 01:09:47 | 000,057,344 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2014/01/03 19:43:12 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | C] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
[2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
[2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
[2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
========== ZeroAccess Check ==========
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
#45
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 15 January 2014 - 01:18 PM
Looking good 
How is your system behaving now ?????
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
