Hi - Needing your help with a lot of different issues.
1. Possible malware/virus: WebSearch, Searchnewtab, keyword Hijacker, safesaverBHO, searchwebs, statcounter, zedo. Spybot Search & Destroy found them on 11/23/2013 and they are quarantined.
2. Email - I have been receiving false emails that use a contact's name and include a link that takes you to a site and downloads something before you can even shut the page down.
3. Internet Explorer won't work correctly. The initial page loads but will freeze if I try to go to another page.
4. Windows Update - When I check for updates, or if it is set to automatically check for updates, I no longer have the option to look at the updates needed. It will just say the computer needs to shut down to update. Within a minute after restarting, Windows Update will say it needs to update and shut down again. The only update that shows since 9/1/2013 has been for Microsoft Sec Essentials. Definition Update for Microsoft Security Essentials (KB2310138) updated 73 times (all successful) since 10/1/2013. I'm sure there have been other updates needed.
OTL only produced 1 log, so I also included the HJT log.
Thank you. Happy New Year!
-NoNo
OTL LOG:
OTL logfile created on: 1/3/2014 6:00:15 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gogo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.48% Memory free
6.09 Gb Paging File | 5.00 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 145.14 Gb Free Space | 50.54% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.28 Gb Free Space | 11.68% Space Free | Partition Type: NTFS
Computer Name: GOGO | User Name: gogo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\gogo\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (EpsonCustomerParticipation) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\gogo\AppData\Local\Temp\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\gogo\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (ssrangdr) -- C:\Windows\System32\drivers\ssrangdr.sys (SupportSoft Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.msn.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://www.bing.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.bing.com/
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\..\SearchScopes,DefaultScope = {105E99FF-8B9A-4492-B155-06194B9056D2}
IE - HKU\S-1-5-21-90010376-98873278-4205430638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:19.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\gogo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions
[2010/03/04 14:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions
[2010/03/29 08:32:17 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\extensions\textlinks@playsushi.com
[2013/11/16 21:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions
[2013/08/01 02:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/07/29 23:39:09 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(235)
[2013/06/20 16:53:34 | 000,000,000 | ---D | M] (YouTube™ Anywhere Player) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a}
[2013/11/16 21:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged
[2013/05/13 21:11:08 | 000,615,445 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\testpilot@labs.mozilla.com.xpi
[2013/08/01 00:16:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
========== Chrome ==========
CHR - default_search_provider: Bing (Enabled)
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Program Files\Roblox\Versions\version-bce30591d031432c\\NPRobloxProxy.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Disabled) = C:\Users\gogo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Disabled) = C:\Users\gogo\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\CONFLICT.1\npsoe.dll
CHR - plugin: Picasa (Disabled) = C:\Users\gogo\Downloads\Picasa3\npPicasa3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: City Sights - Hello Seattle! = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihilfhlglomedabonpgmihgbicgpilk\0.2_0\
CHR - Extension: Vaudix = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\
CHR - Extension: Google Wallet = C:\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2014/01/01 09:24:46 | 000,449,836 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15468 more lines...
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-90010376-98873278-4205430638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C922B5CC-8097-4DF3-B14B-264696D80453}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\gogo\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/01/03 17:52:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:24:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/31 15:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/06 00:41:21 | 000,000,000 | ---D | C] -- C:\Users\gogo\Documents\ProcAlyzer Dumps
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/03 17:53:10 | 000,625,664 | ---- | M] () -- C:\Users\gogo\Desktop\dds.scr
[2014/01/03 17:52:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:41:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 17:41:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
[2014/01/03 17:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 15:42:09 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 15:42:08 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/03 15:41:37 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 09:24:46 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/12/25 03:58:43 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/12/25 03:58:32 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140101-092446.backup
[2013/12/20 07:47:36 | 000,001,698 | ---- | M] () -- C:\Users\gogo\Desktop\cells def.rtf
[2013/12/17 02:04:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/16 23:00:09 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[2013/12/05 10:25:25 | 000,001,076 | ---- | M] () -- C:\Users\gogo\Desktop\ROBLOX Player.lnk
[2013/12/05 10:25:25 | 000,000,899 | ---- | M] () -- C:\Users\gogo\Desktop\ROBLOX Studio 2013.lnk
[2013/12/04 21:47:44 | 000,002,191 | ---- | M] () -- C:\Users\gogo\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/03 17:52:30 | 000,625,664 | ---- | C] () -- C:\Users\gogo\Desktop\dds.scr
[2013/12/18 19:56:29 | 000,001,698 | ---- | C] () -- C:\Users\gogo\Desktop\cells def.rtf
[2013/12/16 23:00:09 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/23 23:58:32 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/09/19 02:04:01 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2013/09/19 00:21:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-GOGO-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
[2013/08/12 21:33:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 21:33:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 21:33:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 21:33:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 21:33:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 23:49:24 | 000,000,036 | ---- | C] () -- C:\Users\gogo\AppData\Local\housecall.guid.cache
[2013/03/15 22:22:28 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/15 22:22:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/11/26 15:39:32 | 000,583,306 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\technic-launcher.jar
[2012/06/16 15:48:43 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/02/07 14:14:11 | 000,000,094 | ---- | C] () -- C:\Windows\EART730.ini
[2011/05/22 08:04:02 | 000,011,316 | -HS- | C] () -- C:\ProgramData\mssfsi1vlq8g1bx8lmkcbl8
[2011/03/26 18:13:54 | 000,193,536 | ---- | C] () -- C:\Users\gogo\yeah.MSWMM
[2010/07/21 22:53:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/30 13:41:15 | 000,000,069 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences2.dat
[2010/01/30 13:40:21 | 000,000,039 | ---- | C] () -- C:\Users\gogo\jagex_runescape_preferences.dat
[2009/09/28 18:22:45 | 000,003,804 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\wklnhst.dat
[2009/09/15 16:47:40 | 000,001,356 | ---- | C] () -- C:\Users\gogo\AppData\Local\d3d9caps.dat
[2009/08/28 17:57:16 | 000,119,296 | ---- | C] () -- C:\Users\gogo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 23:35:33 | 000,000,632 | RHS- | C] () -- C:\Users\gogo\ntuser.pol
[2009/08/22 23:36:47 | 000,024,206 | ---- | C] () -- C:\Users\gogo\AppData\Roaming\UserTile.png
[2009/07/31 10:08:01 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
========== ZeroAccess Check ==========
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/06/26 11:40:39 | 000,000,000 | ---D | M] -- C:\Users\Daisy\AppData\Roaming\Epson
[2013/02/02 15:44:35 | 000,000,000 | ---D | M] -- C:\Users\Daisy\AppData\Roaming\IrfanView
[2013/08/01 02:37:08 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.minecraft
[2013/07/21 17:56:25 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.technic
[2012/11/26 15:41:56 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\.techniclauncher
[2010/01/20 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/11/26 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Dropbox
[2012/06/16 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Epson
[2010/11/30 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Flood Light Games
[2013/11/29 13:38:18 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Games
[2011/08/09 12:25:59 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\go
[2011/02/24 12:15:24 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Instant Housecall
[2009/10/23 14:30:27 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\IronCode
[2012/02/08 06:30:44 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Leader Technologies
[2012/02/07 14:40:51 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Leadertech
[2012/11/26 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\logs
[2009/08/22 23:36:47 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\PeerNetworking
[2009/12/24 13:14:14 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SBTT
[2009/09/25 20:12:42 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Shape games
[2009/08/19 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SupportSoft
[2013/10/04 11:16:39 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\SystemRequirementsLab
[2009/09/28 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\gogo\AppData\Roaming\Template
[2013/11/25 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.minecraft
[2013/07/31 10:52:45 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.technic
[2013/06/28 19:37:49 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\.techniclauncher
[2012/10/09 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/12/02 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Dropbox
[2012/10/23 21:18:28 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Epson
[2010/01/18 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\funkitron
[2013/01/29 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\IrfanView
[2010/10/15 16:48:12 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Jane s Hotel
[2012/02/07 15:58:11 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Leader Technologies
[2010/03/07 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\LimeWire
[2013/07/05 19:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\logs
[2013/01/14 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\MoreTerra
[2011/12/25 13:12:14 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Origin
[2010/11/20 07:39:34 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\PlayFirst
[2010/04/30 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Shape games
[2013/10/04 11:09:56 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\SystemRequirementsLab
[2010/05/07 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Template
[2011/11/24 14:25:15 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\Unity
[2009/08/29 06:41:10 | 000,000,000 | ---D | M] -- C:\Users\Kids\AppData\Roaming\WildTangent
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< MD5 for: EXPLORER.EXE >
[2009/04/20 03:38:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/20 03:37:59 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/20 03:37:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/11/13 13:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2009/04/20 03:38:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 04:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 04:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
< MD5 for: IEXPLORE.BAT >
[2013/04/20 23:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat
< MD5 for: IEXPLORE.EXE >
[2009/04/20 03:41:17 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2009/04/20 03:25:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2009/07/18 04:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 13:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/04/10 22:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2008/01/20 18:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2009/04/19 20:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe
[2009/07/18 04:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2009/04/20 03:25:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2005/08/15 09:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\ComboFix\en-US\iexplore.exe
[2009/07/18 03:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2013/05/28 18:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\erdnt\cache\iexplore.exe
[2009/04/20 03:41:17 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
< MD5 for: IEXPLORE.EXE.LOCAL >
[2011/12/20 12:37:28 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Program Files\Internet Explorer\iexplore.exe.local
< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 04:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2013/09/08 12:19:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/09/08 12:19:15 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
< MD5 for: SERVICES >
[2006/09/18 13:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 13:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.CFG >
[2013/09/03 05:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
< MD5 for: SERVICES.DAT >
[2013/04/21 19:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
< MD5 for: SERVICES.EXE >
[2008/01/20 18:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 04:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 04:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/20 18:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 18:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 13:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 04:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 13:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 04:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 13:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SERVICES.SBS >
[2011/03/01 07:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy 2\Includes\Services.sbs
< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 18:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINLOGON.EXE.MUI >
[2008/01/20 18:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 18:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 04:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
< MD5 for: WINLOGON.MOF >
[2006/09/18 13:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 13:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2013/08/12 21:53:20 | 000,016,177 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/01/03 15:41:37 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 15:41:36 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2013/08/06 13:26:08 | 000,103,680 | ---- | M] (GMER) -- C:\pxldqpog.sys
[2011/11/11 23:56:59 | 000,000,184 | ---- | M] () -- C:\setup.log
[2013/08/10 23:35:35 | 000,130,780 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_11.08.2013_00.19.04_log.txt
< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/05 09:20:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2013/05/01 15:33:35 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2DF8-C431
Directory of C:\
11/02/2006 05:02 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 05:02 AM <JUNCTION> Application Data [..]
11/02/2006 05:02 AM <JUNCTION> Desktop [..]
11/02/2006 05:02 AM <JUNCTION> Documents [..]
11/02/2006 05:02 AM <JUNCTION> Favorites [..]
11/02/2006 05:02 AM <JUNCTION> Start Menu [..]
11/02/2006 05:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 05:02 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 05:02 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 05:02 AM <JUNCTION> Application Data [..]
11/02/2006 05:02 AM <JUNCTION> Desktop [..]
11/02/2006 05:02 AM <JUNCTION> Documents [..]
11/02/2006 05:02 AM <JUNCTION> Favorites [..]
11/02/2006 05:02 AM <JUNCTION> Start Menu [..]
11/02/2006 05:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Daisy
06/26/2012 11:40 AM <JUNCTION> Application Data [C:\Users\Daisy\AppData\Roaming]
06/26/2012 11:40 AM <JUNCTION> Cookies [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Cookies]
06/26/2012 11:40 AM <JUNCTION> Local Settings [C:\Users\Daisy\AppData\Local]
06/26/2012 11:40 AM <JUNCTION> My Documents [C:\Users\Daisy\Documents]
06/26/2012 11:40 AM <JUNCTION> NetHood [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/26/2012 11:40 AM <JUNCTION> PrintHood [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/26/2012 11:40 AM <JUNCTION> Recent [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Recent]
06/26/2012 11:40 AM <JUNCTION> SendTo [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\SendTo]
06/26/2012 11:40 AM <JUNCTION> Start Menu [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu]
06/26/2012 11:40 AM <JUNCTION> Templates [C:\Users\Daisy\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Daisy\AppData\Local
06/26/2012 11:40 AM <JUNCTION> Application Data [C:\Users\Daisy\AppData\Local]
06/26/2012 11:40 AM <JUNCTION> History [C:\Users\Daisy\AppData\Local\Microsoft\Windows\History]
06/26/2012 11:40 AM <JUNCTION> Temporary Internet Files [C:\Users\Daisy\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Daisy\Documents
06/26/2012 11:40 AM <JUNCTION> My Music [C:\Users\Daisy\Music]
06/26/2012 11:40 AM <JUNCTION> My Pictures [C:\Users\Daisy\Pictures]
06/26/2012 11:40 AM <JUNCTION> My Videos [C:\Users\Daisy\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 05:02 AM <JUNCTION> Application Data [..]
11/02/2006 05:02 AM <JUNCTION> Local Settings [..]
11/02/2006 05:02 AM <JUNCTION> My Documents [..]
11/02/2006 05:02 AM <JUNCTION> NetHood [..]
11/02/2006 05:02 AM <JUNCTION> PrintHood [..]
11/02/2006 05:02 AM <JUNCTION> Recent [..]
11/02/2006 05:02 AM <JUNCTION> SendTo [..]
11/02/2006 05:02 AM <JUNCTION> Start Menu [..]
11/02/2006 05:02 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 05:02 AM <JUNCTION> Application Data [..]
11/02/2006 05:02 AM <JUNCTION> History [..]
11/02/2006 05:02 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 05:02 AM <JUNCTION> My Music [..]
11/02/2006 05:02 AM <JUNCTION> My Pictures [..]
11/02/2006 05:02 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes
Directory of C:\Users\gogo
08/19/2009 01:46 PM <JUNCTION> Application Data [C:\Users\gogo\AppData\Roaming]
08/19/2009 01:46 PM <JUNCTION> Cookies [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Cookies]
08/19/2009 01:46 PM <JUNCTION> Local Settings [C:\Users\gogo\AppData\Local]
08/19/2009 01:46 PM <JUNCTION> My Documents [C:\Users\gogo\Documents]
08/19/2009 01:46 PM <JUNCTION> NetHood [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/19/2009 01:46 PM <JUNCTION> PrintHood [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/19/2009 01:46 PM <JUNCTION> Recent [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Recent]
08/19/2009 01:46 PM <JUNCTION> SendTo [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\SendTo]
08/19/2009 01:46 PM <JUNCTION> Start Menu [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu]
08/19/2009 01:46 PM <JUNCTION> Templates [C:\Users\gogo\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\gogo\AppData\Local
08/19/2009 01:46 PM <JUNCTION> Application Data [C:\Users\gogo\AppData\Local]
08/19/2009 01:46 PM <JUNCTION> History [C:\Users\gogo\AppData\Local\Microsoft\Windows\History]
08/19/2009 01:46 PM <JUNCTION> Temporary Internet Files [C:\Users\gogo\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\gogo\Documents
08/19/2009 01:46 PM <JUNCTION> My Music [C:\Users\gogo\Music]
08/19/2009 01:46 PM <JUNCTION> My Pictures [C:\Users\gogo\Pictures]
08/19/2009 01:46 PM <JUNCTION> My Videos [C:\Users\gogo\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Kids
08/27/2009 05:07 PM <JUNCTION> Application Data [C:\Users\Kids\AppData\Roaming]
08/27/2009 05:07 PM <JUNCTION> Cookies [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Cookies]
08/27/2009 05:07 PM <JUNCTION> Local Settings [C:\Users\Kids\AppData\Local]
08/27/2009 05:07 PM <JUNCTION> My Documents [C:\Users\Kids\Documents]
08/27/2009 05:07 PM <JUNCTION> NetHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/27/2009 05:07 PM <JUNCTION> PrintHood [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/27/2009 05:07 PM <JUNCTION> Recent [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Recent]
08/27/2009 05:07 PM <JUNCTION> SendTo [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\SendTo]
08/27/2009 05:07 PM <JUNCTION> Start Menu [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu]
08/27/2009 05:07 PM <JUNCTION> Templates [C:\Users\Kids\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Kids\AppData\Local
08/27/2009 05:07 PM <JUNCTION> Application Data [C:\Users\Kids\AppData\Local]
08/27/2009 05:07 PM <JUNCTION> History [C:\Users\Kids\AppData\Local\Microsoft\Windows\History]
08/27/2009 05:07 PM <JUNCTION> Temporary Internet Files [C:\Users\Kids\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Kids\Documents
08/27/2009 05:07 PM <JUNCTION> My Music [C:\Users\Kids\Music]
08/27/2009 05:07 PM <JUNCTION> My Pictures [C:\Users\Kids\Pictures]
08/27/2009 05:07 PM <JUNCTION> My Videos [C:\Users\Kids\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 05:02 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 05:02 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 05:02 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
04/20/2009 04:29 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/20/2009 04:29 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
04/20/2009 04:29 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
04/20/2009 04:29 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/20/2009 04:29 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/20/2009 04:29 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
04/20/2009 04:29 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
04/20/2009 04:29 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
04/20/2009 04:29 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
04/20/2009 04:29 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/20/2009 04:29 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/20/2009 04:29 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
04/20/2009 04:29 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
04/20/2009 04:29 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
04/20/2009 04:29 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
96 Dir(s) 155,714,809,856 bytes free
< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/06/25 23:38:10 | 000,000,286 | -HS- | M] () -- C:\Users\gogo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2013/10/22 09:51:28 | 005,136,138 | R--- | M] (Swearware) -- C:\Users\gogo\Desktop\ComboFix.exe
[2014/01/03 17:52:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\gogo\Desktop\HiJackThis.exe
[2014/01/03 17:24:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gogo\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
[2011/12/19 02:04:46 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-10-16 12:50:22
< >
[2006/11/02 05:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 05:01:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/31 10:19:34 | 000,000,878 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 10:19:36 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 22:31:22 | 000,000,318 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForKids.job
[2013/05/13 18:54:50 | 000,000,620 | ---- | C] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/13 18:54:54 | 000,000,616 | ---- | C] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/13 18:54:56 | 000,000,446 | ---- | C] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/13 21:31:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/06/22 20:59:23 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000Core.job
[2013/06/22 20:59:25 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-90010376-98873278-4205430638-1000UA.job
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AA6C7C38
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:7757A6D4
< End of report >
-------------------------------------------------------------------------------------------------------------------------------
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:55:52 PM, on 1/3/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16502)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\gogo\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Google Update Service (gupdate1ce11e97cd4f97c) (gupdate1ce11e97cd4f97c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6224 bytes
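The "< MD5 for: ... >" custom scans in the OTL log above are an integrity check: every copy of explorer.exe, iexplore.exe, services.exe and winlogon.exe on the disk is hashed, so the live binary can be compared against the copies Windows keeps in the WinSxS component store. Reading that by eye across dozens of lines is error-prone, so here is an added example (editor's code, not part of NoNo's post and not an OldTimer tool) that parses those sections and applies the comparison automatically. The sample text is an excerpt of the log lines above; the three status codes (ok, review, alert) and the rule that a WinSxS copy is the reference are this example's own assumptions.

```python
import re

# Excerpt of the "< MD5 for: ... >" sections from the OTL log above
# (constructed from lines already in the log; shortened for the example).
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2009/04/20 03:38:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/11/13 13:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
< MD5 for: IEXPLORE.BAT >
[2013/04/20 23:58:12 | 000,029,803 | ---- | M] () MD5=E4B95882FB080670179EA3605395889B -- C:\JRT\iexplore.bat
< MD5 for: IEXPLORE.EXE >
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/09/08 12:19:12 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=57EC630DBD5F0713E77CB3540AB80A8E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16502_none_58c03951eb98ec82\iexplore.exe
[2009/04/19 20:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe
[2013/05/28 18:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=EE12BA876C4190532A4085994BA9B616 -- C:\Windows\erdnt\cache\iexplore.exe
"""

HEADER = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# [mtime | size | attrs | M] (company) MD5=hash -- path
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

STATUS_TEXT = {
    "ok": "matches a WinSxS component-store copy",
    "review": "non-Microsoft (or unlabelled) file using a system binary's name",
    "alert": "Microsoft-labelled copy with no WinSxS match: verify it",
}


def classify(path: str) -> str:
    """Assumption of this example: WinSxS copies are the reference set,
    erdnt\\cache copies are backups, everything else is a live file."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if "\\erdnt\\cache\\" in p:
        return "backup"
    return "live"


def parse_md5_sections(text: str) -> dict:
    """Group OTL MD5 entries under their '< MD5 for: NAME >' header."""
    sections, current = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = h.group("name")
            sections[current] = []
            continue
        e = ENTRY.match(line)
        if e and current is not None:
            sections[current].append(e.groupdict())
    return sections


def triage(text: str) -> dict:
    """For each live copy, compare its MD5 with the WinSxS copies of the same name.
    Returns {section name: [(status code, path), ...]}."""
    findings = {}
    for name, entries in parse_md5_sections(text).items():
        store = {e["md5"].upper() for e in entries if classify(e["path"]) == "store"}
        results = []
        for e in entries:
            if classify(e["path"]) != "live":
                continue  # backups and store copies are the reference, not the subject
            if e["md5"].upper() in store:
                status = "ok"
            elif e["company"] != "Microsoft Corporation":
                status = "review"
            else:
                status = "alert"
            results.append((status, e["path"]))
        findings[name] = results
    return findings


if __name__ == "__main__":
    for name, results in triage(SAMPLE).items():
        print(name)
        for status, path in results:
            print(f"  [{status.upper():6}] {path}  ({STATUS_TEXT[status]})")
```

On the log above this gives "ok" for C:\Windows\explorer.exe and C:\Program Files\Internet Explorer\iexplore.exe, and "review" for the Spybot, ComboFix and JRT files, which are removal-tool components that reuse system binary names rather than system files. The ERDNT cache copy of iexplore.exe differs from the current build, which is expected for a backup taken before an IE update; the check deliberately leaves backups out. The company field comes from the version resource, not from an Authenticode check, so an "alert" is a prompt to verify the file, not a verdict.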
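The HijackThis log is a list of autostart and browser-hook registrations, and the first pass a helper makes over it is mechanical: registrations whose target file is gone ("(file missing)"), O16 ActiveX download entries with no source URL, services with no publisher in their version resource ("Unknown owner"), and Run entries that launch from user-writable locations. Here is an added example (editor's code, not part of NoNo's post and not Trend Micro's tool) that applies those four checks. The sample is an excerpt of the HJT lines above plus one constructed O4 line, marked as such, that exists only to exercise the user-writable-path check; the list of directories treated as user-writable and the finding codes are this example's own assumptions, and the path check generalizes beyond anything present in the log.

```python
import re

# Excerpt of the HijackThis log above, plus ONE constructed line (the "[constructed]"
# O4 entry) that is NOT in the log and only exercises the writable-path check.
SAMPLE_HJT = r"""
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [constructed] C:\Users\gogo\AppData\Local\Temp\example.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
"""

LINE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>.+)$")

# Assumption of this example: a Run entry whose image lives under one of these
# directories was written by a non-admin process and deserves a look.
UNSAFE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def image_path(cmd: str) -> str:
    """Return the executable part of an O4 command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(text: str) -> list:
    """Return [(finding code, HJT section, line body), ...] for the four checks."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if "(file missing)" in body:
            # HJT appends this when the registered file no longer exists:
            # a dead registration, harmless but worth cleaning up.
            findings.append(("stale", kind, body))
        if kind == "O4":
            r = RUN.match(body)
            if r and any(d in image_path(r.group("cmd")).lower() for d in UNSAFE_DIRS):
                findings.append(("user-writable-autorun", kind, body))
        elif kind == "O16" and body.endswith(" -"):
            # Downloaded Program Files entry with no source URL recorded.
            findings.append(("dpf-no-url", kind, body))
        elif kind == "O23":
            s = SERVICE.match(body)
            if s and s.group("owner") == "Unknown owner":
                # No company name in the version resource; check the image by hand.
                findings.append(("unknown-owner-service", kind, body))
    return findings


if __name__ == "__main__":
    for code, kind, body in triage_hjt(SAMPLE_HJT):
        print(f"{code:24} {kind:4} {body}")
```

Every hit is a prompt, not a verdict: the log's one "Unknown owner" service is a recovery component under C:\Program Files\SMINST, the kind of OEM software that often ships without a company name, and the missing Bing Bar DLL is just a leftover registration. The user-writable-path rule fires only on the constructed line here; on a real infection it is usually the first thing to catch, because persistence dropped by a browser exploit lands in AppData or Temp, not in Program Files.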