
pop ups "from" google in Firefox [Solved]


  • This topic is locked
30 replies to this topic

#16 1695814

  • Authentic Member
  • 84 posts

Posted 16 January 2014 - 06:43 PM

Here are the "Run Fix" results.  I'll go ahead and run the "Run Scan" now.

 

All processes killed
========== OTL ==========
C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions\9.hpeuy@yooe-rioe.co.uk\content folder moved successfully.
C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions\9.hpeuy@yooe-rioe.co.uk folder moved successfully.
Folder C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions\rear.3r@yafaay.net\ not found.
C:\Program Files\dealpaeaaukk folder moved successfully.
C:\Program Files\saviunGotoyouu folder moved successfully.
C:\ProgramData\saviunGotoyouu folder moved successfully.
C:\ProgramData\nlhognilkdpjokfgaleihbdfbnpccppd folder moved successfully.
C:\ProgramData\68e13f3284337b31 folder moved successfully.
C:\ProgramData\dealpaeaaukk folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kati\Desktop\cmd.bat deleted successfully.
C:\Users\Kati\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kati
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kati
->Temp folder emptied: 2288197 bytes
->Temporary Internet Files folder emptied: 34148156 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19108524 bytes
->Google Chrome cache emptied: 7189725 bytes
->Flash cache emptied: 80094 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195056523 bytes
RecycleBin emptied: 1126780549 bytes
 
Total Files Cleaned = 1,321.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01162014_075304

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#17 1695814

  • Authentic Member
  • 84 posts

Posted 16 January 2014 - 08:12 PM

Here is the OTL scan:

 

OTL logfile created on: 1/16/2014 6:44:21 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kati\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.50% Memory free
4.21 Gb Paging File | 3.17 Gb Available in Paging File | 75.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 10.70 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
 
Computer Name: GEORGE | User Name: Kati | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\System32\rpcnetp.exe ()
PRC - C:\Users\Kati\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
PRC - C:\Program Files\BOINC\boinc.exe (World Community Grid)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\BOINC\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (GTIPCI21) -- C:\Windows\System32\drivers\gtipci21.sys (Texas Instruments)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A CB 03 81 75 0E CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/08/07 21:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kati\AppData\Roaming\Mozilla\Extensions
[2014/01/16 07:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions
[2014/01/05 10:15:31 | 000,000,000 | ---D | M] (saviunGotoyouu) -- C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions\rear.3r@yafaay.net
[2013/11/24 12:32:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Kati\AppData\Roaming\Mozilla\Firefox\Profiles\j8w3blzc.default\extensions\support@lastpass.com
[2013/12/20 11:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/20 11:59:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: avast! Online Security = C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2014/01/16 07:53:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: LastPass - file://C:\Users\Kati\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Kati\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80076C00-EDAA-4215-96BE-0E5C5DDC6CF6}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0B6413-E9C5-4947-B6D8-714D4C14D320}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0B6413-E9C5-4947-B6D8-714D4C14D320}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Kati\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kati\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ee927a7e-3250-11e3-ac07-00e0b8cdabba}\Shell - "" = AutoRun
O33 - MountPoints2\{ee927a7e-3250-11e3-ac07-00e0b8cdabba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/16 07:53:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/15 08:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kati\Desktop\OTL.exe
[2014/01/14 20:02:36 | 091,412,976 | ---- | C] (AVAST Software) -- C:\Users\Kati\Desktop\avast_free_antivirus_setup.exe
[2014/01/14 08:35:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/14 07:42:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/14 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\Kati\Desktop\GooredFix Backups
[2014/01/14 07:40:22 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Kati\Desktop\JRT.exe
[2014/01/14 07:38:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kati\Desktop\GooredFix.exe
[2014/01/13 19:18:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kati\Desktop\aswMBR.exe
[2014/01/13 19:14:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kati\Desktop\dds.scr
[2014/01/12 16:57:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kati\Desktop\HiJackThis.exe
[2014/01/11 21:52:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2014/01/11 21:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/11 21:44:06 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/01/11 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/01/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/01/11 12:13:41 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/01/10 21:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/01/10 21:32:00 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2014/01/10 21:32:00 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2014/01/10 21:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/01/10 21:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2014/01/10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Kati\AppData\Roaming\Malwarebytes
[2014/01/10 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/10 21:14:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/10 21:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/20 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/08 20:09:39 | 011,019,776 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/16 18:40:52 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/16 18:40:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/16 18:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/16 18:35:01 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2014/01/16 18:34:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 18:34:57 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/16 18:34:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 18:34:39 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/16 18:34:29 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2014/01/16 18:32:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/16 07:53:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/01/15 08:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kati\Desktop\OTL.exe
[2014/01/15 08:01:26 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/14 20:43:37 | 091,412,976 | ---- | M] (AVAST Software) -- C:\Users\Kati\Desktop\avast_free_antivirus_setup.exe
[2014/01/14 07:40:36 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Kati\Desktop\JRT.exe
[2014/01/14 07:39:30 | 001,236,282 | ---- | M] () -- C:\Users\Kati\Desktop\AdwCleaner.exe
[2014/01/14 07:38:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kati\Desktop\GooredFix.exe
[2014/01/14 07:37:34 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2014/01/13 19:34:03 | 000,000,512 | ---- | M] () -- C:\Users\Kati\Desktop\MBR.dat
[2014/01/13 19:23:40 | 000,002,153 | ---- | M] () -- C:\Users\Kati\Desktop\attach.zip
[2014/01/13 19:19:13 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kati\Desktop\aswMBR.exe
[2014/01/13 19:15:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kati\Desktop\dds.scr
[2014/01/12 16:58:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kati\Desktop\HiJackThis.exe
[2014/01/12 12:14:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/11 21:44:18 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/11 12:21:29 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/11 12:21:29 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/10 21:32:00 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/01/10 21:14:32 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2014/01/14 07:39:04 | 001,236,282 | ---- | C] () -- C:\Users\Kati\Desktop\AdwCleaner.exe
[2014/01/13 19:34:03 | 000,000,512 | ---- | C] () -- C:\Users\Kati\Desktop\MBR.dat
[2014/01/13 19:23:40 | 000,002,153 | ---- | C] () -- C:\Users\Kati\Desktop\attach.zip
[2014/01/11 21:44:49 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/11 21:44:46 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/11 21:44:43 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/11 21:44:18 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/11 21:44:18 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/11 10:37:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2014/01/10 21:32:00 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/01/10 21:14:32 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/05 20:09:39 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2013/08/27 20:44:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/08/11 13:37:48 | 000,003,584 | ---- | C] () -- C:\Users\Kati\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 02:09:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/08/09 02:09:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013/08/09 02:08:21 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2013/08/09 02:06:49 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/07 21:49:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/08/07 20:29:20 | 000,001,356 | ---- | C] () -- C:\Users\Kati\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 



#18 ken545

    Forum God

  • Classroom Teacher
  • 23,203 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 17 January 2014 - 12:25 AM

Hi,
 
Are you still getting redirects with Firefox?

What can you tell me about this
rear.3r@yafaay.net

Go through Firefox and see if any of these are listed and remove them

dealpaeaaukk
saviunGotoyouu

  • Open Firefox
  • Up on the top right in the search box, click on the down arrow and select Manage Search Engines
  • Highlight the one you want to remove and select Delete

  • Open Firefox
  • Go to Tools > Add-ons > Extensions > Remove
  • Plugins > Never Activate

  • Open Firefox
  • Go to Help
  • Restart with Add-ons Disabled

If the above is not listed then do this

  • Open Firefox
  • Click on Help > Troubleshooting Information > Reset Firefox to its default state

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.

    Just a reminder that threads will be closed if no reply in 3 days.


    #19 1695814

    • Authentic Member
    • 84 posts

    Posted 17 January 2014 - 07:43 AM

    I haven't had a redirect in a while now.

     

    I don't know what rear.3r@yafaay.net is.

     

    The search box search engines all seemed legitimate (google, ebay, wikipedia, etc.), but I removed everything except google.

     

    I found saviunGotoyouu as an add-on and have Removed it.

     

    In Plugins, Google Update 1.3.22.3, Shockwave Flash 11.9.900.170, & Windows Presentation Foundation 3.5.30729.1 were set to "Always Activate" & now have been set to "Never Activate".  Java Deployment Toolkit 7.0.250.17 10.25.2.17 (known to be vulnerable) was set to "Ask to Activate" and is now "Never Activate".

     

    I will now restart with add-ons disabled.


    Edited by 1695814, 17 January 2014 - 07:49 AM.


    #20 1695814

    • Authentic Member
    • 84 posts

    Posted 17 January 2014 - 07:47 AM

    FF asked if I wanted "Safe Mode" or to "Reset FF", so I chose to Reset.

     

    When I go into Plugins, the same four are there with the same settings (always/ask to activate) as before.


    Edited by 1695814, 17 January 2014 - 07:50 AM.


    #21 ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 January 2014 - 08:00 AM

    Those are legit and can be activated; I was just concerned about saviunGotoyouu.

    Since that's been removed, go ahead and run a new scan with OTL and post the log, and let's see if it's gone.




    #22 1695814

    • Authentic Member
    • 84 posts

    Posted 17 January 2014 - 09:06 PM

    Okay, thank you.

     

    Here is the latest OTL log:

     

    OTL logfile created on: 1/17/2014 8:41:00 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kati\Desktop
    Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.37% Memory free
    4.21 Gb Paging File | 2.69 Gb Available in Paging File | 63.83% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 10.20 Gb Free Space | 13.69% Space Free | Partition Type: NTFS
     
    Computer Name: GEORGE | User Name: Kati | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\System32\rpcnetp.exe ()
    PRC - C:\Users\Kati\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.28_windows_intelx86 ()
    PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
    PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
    PRC - C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
    PRC - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    PRC - C:\Program Files\BOINC\boinc.exe (World Community Grid)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_mcm1_7.28_windows_intelx86 ()
    MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\BOINC\zlib1.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (MpKsl1e110d09) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{505344CE-349F-402F-AD68-D3A7F82166F0}\MpKsl1e110d09.sys (Microsoft Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (GTIPCI21) -- C:\Windows\System32\drivers\gtipci21.sys (Texas Instruments)
    DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A CB 03 81 75 0E CF 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/01/17 20:24:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
     
    [2013/08/07 21:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kati\AppData\Roaming\Mozilla\Extensions
    [2013/12/20 11:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/20 11:59:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    ========== Chrome  ==========
     
    CHR - Extension: avast! Online Security = C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
    CHR - Extension: Google Wallet = C:\Users\Kati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
     
    O1 HOSTS File: ([2014/01/16 07:53:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
    O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKCU..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Users\Kati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: LastPass - file://C:\Users\Kati\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
    O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Kati\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80076C00-EDAA-4215-96BE-0E5C5DDC6CF6}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0B6413-E9C5-4947-B6D8-714D4C14D320}: DhcpNameServer = 192.168.0.1 205.171.2.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD0B6413-E9C5-4947-B6D8-714D4C14D320}: NameServer = 8.8.8.8,8.8.4.4
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O24 - Desktop WallPaper: C:\Users\Kati\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Kati\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{ee927a7e-3250-11e3-ac07-00e0b8cdabba}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee927a7e-3250-11e3-ac07-00e0b8cdabba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (sdnclean.exe)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/01/17 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\Kati\AppData\Roaming\AVAST Software
    [2014/01/17 20:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2014/01/17 20:24:14 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/17 20:24:13 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/17 20:24:12 | 000,410,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/17 20:24:11 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/17 20:24:10 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/17 20:24:04 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/01/17 20:23:54 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/17 20:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/01/17 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Kati\Desktop\Old Firefox Data
    [2014/01/16 07:53:04 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/15 08:02:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kati\Desktop\OTL.exe
    [2014/01/14 20:02:36 | 091,412,976 | ---- | C] (AVAST Software) -- C:\Users\Kati\Desktop\avast_free_antivirus_setup.exe
    [2014/01/14 08:35:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/01/14 07:42:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/14 07:41:39 | 000,000,000 | ---D | C] -- C:\Users\Kati\Desktop\GooredFix Backups
    [2014/01/14 07:40:22 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Kati\Desktop\JRT.exe
    [2014/01/14 07:38:24 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kati\Desktop\GooredFix.exe
    [2014/01/13 19:18:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Kati\Desktop\aswMBR.exe
    [2014/01/13 19:14:40 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kati\Desktop\dds.scr
    [2014/01/12 16:57:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kati\Desktop\HiJackThis.exe
    [2014/01/11 21:52:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2014/01/11 21:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2014/01/11 21:44:06 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2014/01/11 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2014/01/11 21:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2014/01/11 12:13:41 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2014/01/10 21:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
    [2014/01/10 21:32:00 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
    [2014/01/10 21:32:00 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
    [2014/01/10 21:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    [2014/01/10 21:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2014/01/10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Kati\AppData\Roaming\Malwarebytes
    [2014/01/10 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/10 21:14:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2014/01/10 21:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/12/20 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/08/08 20:09:39 | 011,019,776 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/01/17 20:40:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/17 20:37:32 | 000,043,008 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
    [2014/01/17 20:34:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/17 20:34:48 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/17 20:25:17 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/17 20:23:57 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2014/01/17 20:23:57 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2014/01/17 20:23:57 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/17 20:23:57 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2014/01/17 20:23:57 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2014/01/17 20:23:57 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/17 20:23:56 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2014/01/17 20:23:54 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2014/01/17 20:23:54 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2014/01/17 20:08:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/17 07:39:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/16 18:40:52 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2014/01/16 18:35:01 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
    [2014/01/16 18:34:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/16 18:34:39 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/16 18:34:29 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
    [2014/01/16 07:53:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/01/15 08:03:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kati\Desktop\OTL.exe
    [2014/01/15 08:01:26 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2014/01/14 20:43:37 | 091,412,976 | ---- | M] (AVAST Software) -- C:\Users\Kati\Desktop\avast_free_antivirus_setup.exe
    [2014/01/14 07:40:36 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Kati\Desktop\JRT.exe
    [2014/01/14 07:39:30 | 001,236,282 | ---- | M] () -- C:\Users\Kati\Desktop\AdwCleaner.exe
    [2014/01/14 07:38:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kati\Desktop\GooredFix.exe
    [2014/01/13 19:34:03 | 000,000,512 | ---- | M] () -- C:\Users\Kati\Desktop\MBR.dat
    [2014/01/13 19:23:40 | 000,002,153 | ---- | M] () -- C:\Users\Kati\Desktop\attach.zip
    [2014/01/13 19:19:13 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Kati\Desktop\aswMBR.exe
    [2014/01/13 19:15:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kati\Desktop\dds.scr
    [2014/01/12 16:58:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kati\Desktop\HiJackThis.exe
    [2014/01/12 12:14:09 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2014/01/11 21:44:18 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/01/11 12:21:29 | 000,642,218 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/01/11 12:21:29 | 000,119,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/01/10 21:32:00 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
    [2014/01/10 21:14:32 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2014/01/17 20:25:17 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2014/01/17 20:24:14 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2014/01/17 20:24:12 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2014/01/14 07:39:04 | 001,236,282 | ---- | C] () -- C:\Users\Kati\Desktop\AdwCleaner.exe
    [2014/01/13 19:34:03 | 000,000,512 | ---- | C] () -- C:\Users\Kati\Desktop\MBR.dat
    [2014/01/13 19:23:40 | 000,002,153 | ---- | C] () -- C:\Users\Kati\Desktop\attach.zip
    [2014/01/11 21:44:49 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2014/01/11 21:44:46 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2014/01/11 21:44:43 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2014/01/11 21:44:18 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2014/01/11 21:44:18 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2014/01/11 10:37:53 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
    [2014/01/10 21:32:00 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
    [2014/01/10 21:14:32 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/05 20:09:39 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
    [2013/08/27 20:44:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2013/08/11 13:37:48 | 000,003,584 | ---- | C] () -- C:\Users\Kati\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/08/09 02:09:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2013/08/09 02:09:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2013/08/09 02:08:21 | 000,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
    [2013/08/09 02:06:49 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/08/08 19:49:50 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/08/07 21:49:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2013/08/07 20:29:20 | 000,001,356 | ---- | C] () -- C:\Users\Kati\AppData\Local\d3d9caps.dat
     
    ========== ZeroAccess Check ==========
     
    [2006/11/02 06:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
     



    #23 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 January 2014 - 11:45 PM

    :thumbup:

     

    Looks like it's gone, are the redirects gone also?


    Jeffce_zpsa19ee2e6.png

     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #24 1695814

    1695814

      Authentic Member

    • Authentic Member
    • PipPip
    • 84 posts

    Posted 17 January 2014 - 11:55 PM

    I've had no (recent) problems with redirects, so I think they're gone.


    Edited by 1695814, 17 January 2014 - 11:55 PM.


    #25 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 18 January 2014 - 12:17 AM

    Great, have you tried running chkdsk? Disable your Anti Virus software and see if it will run. If you still have problems with it, I can send you over to our Windows forum for help with that.



    #26 1695814

    1695814

      Authentic Member

    • Authentic Member
    • PipPip
    • 84 posts

    Posted 18 January 2014 - 09:35 PM

    Regarding chkdsk...this is what I've done:

     

    Run a command prompt as administrator.

    Type "chkdsk c:"

     

    This is the message I get ("..." means "the same thing as the above line I just don't want to type it out again"):

     

    ---

    The type of the file system is NTFS.

    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.

    CHKDSK is verifying files (stage 1 of 3)...
    Attribute record (160, $I30) from file record segment 95915d) is corrupt.
    ... (128, "") ... 96679 ...
    ... (160, $I30) ... 141802d) ...
    ... (128, "") ... 150065 ...
    ... (128, "") ... 150945 ...

      282240 file records processed.
    File verification completed.
      1290 large file records processed.

    Errors found.  CHKDSK cannot continue in read-only mode.

    ---

     

    When I try to run it with the "/f" option it tells me that it can't do it except on a reboot, so I say, "Sure, go ahead & schedule that."  But, when I reboot nothing really happens.

     

    So, I'm left a little confused.


    Edited by 1695814, 18 January 2014 - 09:35 PM.


    #27 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 19 January 2014 - 05:55 AM

    Hi, let's do this.

     

    Post here in our windows forum

    http://forums.whatth...p?showforum=119

     

    Tell them that you posted here for some malware and that you're now clean.

    http://forums.whatth...c=127646&page=1

     

    Ask them to look at Post # 11, the extras log showing the ========== Last 20 Event Log Errors ==========

     

    Let them help you with running chkdsk.

     

    Also let them know you're involved with Grid Computing

     

    I am hoping that nothing is wrong with your hard drive

     

    I will find you over at the windows forum and follow along

     

    Ken :)




    #28 1695814

    1695814

      Authentic Member

    • Authentic Member
    • PipPip
    • 84 posts

    Posted 20 January 2014 - 08:57 AM

    Thank you, Ken.

     

    I've started a thread over there (http://forums.whatth...howtopic=127687).

     

    Thanks for all of your help.

    ###



    #29 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 20 January 2014 - 09:57 AM

    :thumbup:

     

    Good, someone should be along shortly 




    #30 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,203 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 29 January 2014 - 05:39 PM

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.
     
     
    Malwarebytes is the free version and yours to keep and will not be removed
     
     
    How did I get infected in the first place?
    Read these links and find out how to prevent getting infected again.
    • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
     
    Safe Surfn
    Ken
